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Disaster  recovery  specialist  Keith  Ford  was 
in  London  when  a  bomb  detonated  outside 
his  Citibank  office. 
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The  goal?  Create  a  system 


that  allows  5,000  insurance 
field  reps  to  connect  with 
headquarters  from  5,000 
different  locations.  Here’s 
the  catch  —  the  locations 
change  every  single  day. 


BETTER  MOBILITY.  That's  what  American  General  Life  &  Accident 
Insurance  Company,  a  member  of  American  International  Group,  Inc., 
knew  its  sales  team  needed  to  streamline  the  sales  process  and 
enhance  customer  service.  Working  closely  with  Fujitsu,  American 
General  now  uses  a  pen  tablet-based  system  that  gives  field  reps 
greater  mobility  and  allows  them  to  send  and  receive  data  from 
wherever  they  are  to  the  home  office  each  day.  Payment  collection, 
account  maintenance,  and  even  retrieval  of  new  policy  information 
are  all  now  done  remotely  and  with  less  paper.  Get  the  rest  of  the 
story  at  us. fujitsu. com/casestudy/.  When  you  team  with  a  global  leader 
in  mobile  computing,  you  can  accomplish  anything. 


©2002  Fujitsu.  All  rights  reserved. 
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THE  POSSIBILITIES  ARE  INFINITE 


www.fujitsu.com 


L 


T 


WARNING 


THIS  FACILITY  IS 

SUBJECT  TO 

SUDDEN  SHIFTS 

IN  SCALE, 

.... 


When  you  think  scalability,  it’s  time  to  think  software. 


Today’s  Web-driven  world  demands  a  faster  way  to 
scale  up  and  out.  But  instead  of  thinking  hardware,  it’s 
time  to  think  smarter  software,  as  in  the  modular  and 
scalable  Microsoft®  server  platform. 


THINK  UPTIME  “Microsoft  provides  scalable  and  reliable 
products  at  an  unbeatable  price  with  the  ability  to  scale 
out,  not  just  up.  As  a  result  we  are  able  to  add  new  servers 
without  costly  downtime.”  —  Don  Heckman,  VP,  Engineering 
Program  Management,  Qwest 


The  Microsoft  server  platform  gives  you  the  choice  of 
thinking  bigger,  smaller,  up,  or  out.  That  way  you  can  deploy 
Microsoft  SQL  Server™  2000  on  Windows'1  2000  Datacenter 
Server  for  heavy-duty  ERP  and  transaction  processing, 
and  scale  up  to  support  terabytes  of  data  and  millions 
of  transactions.  Or  scale  out  with  Microsoft  Application 
Center  2000  by  adding  clusters  of  Windows  2000-based 


♦Source:  Transaction  Processing  Performance  Council,  October  2001.  ©  2002  Microsoft  Corporation.  All  rights  reserved.  Microsoft  and  Windows  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of 


servers  running  distributed  applications.  Which  means  that 
it  also  has  the  lowest  price-to-performance  ratio  of  any 
competitive  platform* 

So  no  matter  how  quickly  things  change,  your  business 
is  always  perfectly  scaled  to  handle  it.  For  more  ways  to 
scale  with  software,  visit  us  at  microsoft.com/servers 

/scalability  Software  for  the  Agile  Business. 

I  I 


a  tual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 
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You  shouldn't  have  to  adapt  your  company  to  fit  some  imposing  enterprise  software  design. 
At  Lawson,  we  create  software  solutions  for  specific  industries.  Our  industry  experts  make  sure 
of  it.  The  result  is  proven  software  that  works  for  you.  With  deeper  functionality.  Fast,  seamless 


LAWSON 


implementation.  Rapid  return  on  investment.  Lower  total  cost  of  ownership.  And  experienced 
consulting  and  support  teams  to  meet  your  ongoing  needs.  Which  explains  why  many  of  our 
customers  are  industry  leaders.  Details  await  at  www.lawson.com/truck7  or  call  1-800-477-1357. 
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Cover  Story 

SECURITY  ROI  I  42 

Finally,  a  Real 
Return  on  Security 
Spending 

For  years  CIOs  have  had  to  use  scare  tactics  and 
other  soft  arguments  to  justify  an  investment  in 
security.  Now,  for  the  first  time,  they  may  be  able  to 
get  numbers  they  need  to  show  a  measurable  ROI. 
By  Scott  Berinato 


COVER  PHOTO  BY  FURNALD/GRAY 


Michael  Young,  State 
Street  Global  Advisors’ 
chief  information 
security  officer, 
bemoans  the  lack  of 
quantifiable  values  for 
security  staff.  But 
things  are  looking  up. 
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CASE  FILES  I  RELATIONSHIP  MANAGEMENT 
Smooth  Selling  Ahead  I  54 

Empire  Blue  Cross  and  Blue  Shield  slashed  its  sales  cycle  from 
27  days  to  just  two  or  three  with  the  help  of  sales-force  automation 
software.  By  Simone  Kaplan 


WIRELESS 

Wireless  That  Works  I  60 

How  five  companies  jumped  five  hurdles  of  wireless  technology: 
budgetary  constraints,  security,  bandwidth,  scalability  and  resist¬ 
ance  to  change.  By  Danielle  Dunne 


A  mural  reflects  the 
sectarian  struggles 
in  Northern  Ireland. 

See  how  your  European 
counterparts  plan 
for  terrorism  and 
disasters.  68 


SECURITY  PLANNING 
Living  with  Terror  I  68 

When  it  comes  to  dealing  with  terrorism,  American  companies 
have  a  lot  to  learn  from  European  businesses. 

By  Malcolm  Wheatley 

PERSONALIZATION 
Getting  to  Know  You  I  76 

A  guide  to  Personalization  101,  brought  to  you  by  three  companies 
that  are  doing  it  right.  By  Meridith  Levinson 
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BrightStor™  Storage  Management  Solutions 

For  years,  storage  management  has  been  an  ever-increasing  cost,  not  a  source  of  potential 
opportunity.  But  that's  all  about  to  change.  Because  we've  created  BrightStor,  the  most 
comprehensive  suite  of  end-to-end  storage  management  solutions  on  the  market.  BrightStor 
lets  you  leverage  your  resources  and  data  across  your  entire  enterprise,  regardless  of 
platform  or  protocol.  In  fact,  BrightStor  is  the  only  suite  of  solutions  that  supports  all 
three  industry  models  — DAS,  NAS  and  SAN -cross-platform.  Which  means  you  can  look 
at  your  eBusiness  needs  as  a  whole,  not  piece  by  piece.  So  you  can  optimize  your  resources 
across  your  entire  storage  infrastructure.  And,  most  importantly,  you  can  do  more  than  just 
store  information.  You  can  actually  use  it. 
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HELLO  TOMORROW 


WE  ARE  COMPUTER  ASSOCIATES 


THE  SOFTWARE  THAT  MANAGES  eBUSINESS'1 


ca.com/storage 


©2001  Computer  Associates  International,  Inc.  (CAI.  All  trademarks,  trade  names,  service  marks,  and  logos  referenced  herein  belong  to  their  respective  companies. 


When  your  company’s  information  availability  is  riding  on  you. 


Access  to  critical  business  information.  It  can 
disappear  faster  than  you  can  say  Hi  Yo,  Silver!™ 
With  the  SunGard  Availability  Services  net  beneath 
you,  your  access  to  your  critical  business  information 
is  there,  without  fail.  More  than  5,000  companies  rely 
on  our  affordable,  responsive  services,  24/7/365. 

Get  the  net  beneath  you: 

INFORMATION  AVAILABILITY 
MANAGED  HOSTING 
CONSULTING 

Don’t  go  it  alone.  Get  the  people  and  technology 
of  the  SunGard  net  beneath  you.  We’re  ready  to  ride. 
Learn  more  at:  www.sungard.com/availability 


Now,  Comdisco®  Continuity  Services 


^  is  part  of  SunGard ’s  net  beneath  you. 

Our  combined  synergies  offer  you  the  broadest 
range  of  high  availability  options,  unparalleled  depth 
of  technical  expertise,  as  well  as  more  redundant 
facilities,  equipment  and  networks  across  North 
America  and  Europe. 
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Sun  ONE.  The  software  platform  that  will  unleash 
the  untapped  horsepower  of  your  IT  infrastructure. 


What's  the  value  of  integrating  your  information  assets?  That's  an  easy 
one.  More  services,  bigger  savings,  greater  profits,  right?  You'll  get 
better  customer  service,  tighter  supply  chains  and  achieve  increased 
productivity.  Sounds  great,  so  how  do  you  do  it?  With  Web  Services? 
How  do  you  wrangle  those  resources  together  without  ripping  out 
and  replacing  everything?  Or  without  a  massive  development  project? 
Or  without  crushing  your  bottom  line?  Oh  yeah,  and  how  do  you  make 
it  future-proof,  adaptable  to  whatever  platforms,  technologies  or 
thingamabobs  show  up  tomorrow?  Sun™  ONE  is  the  answer. 


IT'S  THE  FUEL-INJECTED  JAVA " 

AND  XML  SOFTWARE  PLATFORM. 

Sun  ONE  is  a  software  platform  of  rock-solid 
products  that  lets  you  integrate  whatever 
services  you  demand.  And  you  can  leverage 
the  power  of  your  legacy  systems  to  launch 
services  today  without  locking  you  into  a 
dead-end  solution  tomorrow.  Sun  ONE 
includes  the  iPlanet™  product  portfolio, 
with  the  most  popular  LDAP  directory 
server  on  the  market,  and  Forte™  for  Java™ 
tools,  the  quickest  way  to  write  Java  apps 
anywhere.  And  it's  all  built  with  Java  and 
XML  technologies,  supports  SOAP,  WSDL 
and  UDDI,  and  runs  on  Solaris1"  the  #1  UNIX® 
operating  environment. 


Visit  wvwv.sun.com/sunoneinfo  to  register  to  receive  the  Sun  ONE  starter  kit  and  join  the  online  Sun  ONE  community. 


take  it  to  the  n1” 
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U  DC  LOU  D 


The  world  is  unpredictable.  Your  Internet  operations  shouldn’t  be.  Our 
advanced  Opsware  automation  technology  can  help  your  business  save  money, 

reduce  downtime,  and  deploy  web  content  faster  than  ever. 

To  find  out  how  Loudcloud’s  automation  technology  can  streamline  your 
Internet  operations,  read  our  white  paper  at  www.loudcloud.com/cio 

or  call  866-259-1550. 


LOUDCLOUD" 

Seriously  Reliable  Internet  Operations™ 


-US  THIS  DAY:  OUR  DAILY  WEB 


DAILY  In  the  News  Web  Editor  Ryan  Mulcahy  analyzes  and  condenses 
need-to-know  business  news,  www.cio.com 

MON  DAY  Tech  Tact:  New  Tools  for  New  Jobs  Technology  Editor 
Christopher  Lindquist  on  what’s  coming  and  what  it’s  good  for. 
www.cio.com/techtact 


TUESDAY  CIO  Radio  Listen  in  as  Web  Writer  Danielle 
Dunne  talks  with  notable,  quotable  experts  on  critical  IT 
issues,  www.cio.com/radio 

WEDNESDAY  Metrics  Web  Writer  Jon  Surmacz  finds 
the  industry  numbers  that  matter  from  the  country’s  most 
reputable  analysts,  www.cio.com/metrics 

THURSDAY  Sound  Off  Lor  opinions  on  managerial, 
political  and  ethical  dilemmas  that  confront  CIOs  daily, 
read  the  column  that  takes  a  stand.  Written  by 
Executive  Web  Editor  Martha  Heller  and  others. 

comment.cio.com 


FRIDAY  The  35  Cent  Consultant  Questions  about  strategy?  Staffing? 
Integration?  Executive  Editor  Derek  Slater  gives  readers  advice  that’s  worth 
every  penny,  www.cio.com/35cent 
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ASK  THE  SOURCE  Wireless  and  security 
John  Halamka,  CIO  of  CareGroup  Systems,  suc¬ 
cessfully  secured  Beth  Israel  Deaconess  Medical 
Center's  wireless  LAN  (see  “Wireless  That  Works,” 
Page  60).  Now  he’s  working  out  the  problems  of 
integrating  PalmPilots  into  the  system.  For  the  next 
two  weeks,  find  out  what  he  knows  as  he  answers 
your  questions  online  about  wireless  security. 

TALK  BACK  Will  ROSI  formulas  work  for 
your  company? 


EXECUTIVE 

Informative  Newsletters 

Sign  up  for  one  of  CIO's  e-mailed 
newsletters  to  stay  on  top  of  man¬ 
agement  issues,  XSP  trends, 
enterprise  solutions— even  what’s 
new  on  the  site,  www.cio.com 


CftilrEHira 


Are  Web  services  ready  for  prime  time? 

John  Hagel,  John  Seely  Brown  and  Dennis  Layton- 
Rodin  tell  us  what  they  think  in  this  issue’s  Keynote 
column  "Go  Slowly  with  Web  Services”  (Page  36). 
Go  to  CIO.com  to  tell  us  what  you  think. 


CIO  Research  Reports 

Your  peers  have  weighed  in  on 
such  subjects  as  user  support  and 
IT  disaster  preparedness.  This 
month,  read  the  results  of  our 
latest  staffing  survey,  the  third  in 
a  series  started  in 
November  2000.  We 
gauge  such  trends  as 
turnover  rates  and 
support-staff-to-user 
ratios.  Check  out 
what  other  CIOs  had 
to  say,  and  find  out 
where  you  stand. 
www2.cio.com/ 
research 


Researchers  and  academics  have  come  up  with 
hard  numbers  to  prove  ROSI,  the  ROI  of  security 
investments  (see  “Finally,  a  Real  Return  on 
Security  Spending,”  Page  42).  Do  you  foresee 
being  able  to  plug  these  formulas  into  your  calcu¬ 
lations?  Are  you  under  the  gun  to  prove  ROI  before 
you  can  invest  in  security?  Give  us  your  opinion. 

LEARN  MORE  Life  during  wartime 

Jan  Popkin  knows  all  about  living  with  terrorism 
(see  “Living  with  Terror,”  Page  68).  His  enterprise 
software  modeling  company  is  split  between 
offices  in  Manhattan— near  the  site  of  the  World 
Trade  Center— and  England.  Terrorist  attacks  have 
taught  him  to  devise  strategies  for  staying  in  touch 
with  employees.  Go  online  to  read  his  story. 


Find  the  links  to  these  and  other  resources  in  the 


WEB  CONNECTIONS  box  at  www.cio.com. 
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Make  Microsoft  Email 

Unbreakable 


Run  Microsoft  Outlook  email 
on  Oracle  Database  Clusters. 
Can't  break  it.  Can't  break  in. 


oracle.com/email 
or  call  1.800.633.1062 


Copyright  ©  2001  Oracle  Corporation.  All  rights  reserved.  Oracle  is  a  registered  trademark  of  Oracle  Corporation. 
Other  names  may  be  trademarks  of  their  respective  owners. 


©  2000-2001  Research  In  Motion  Limited  (RIM).  AJI  rights  reserved. 
BlackBerry  is  an  end-to-end  wireless  email  solution  developed 
by  RIM.  BlackBerry.  the  BlackBerry  logo,  the  "envelope  in  motion" 
symbol.  RIM.  the  RIM  Wireless  Handheld  family  of  marks  and 
the  RIM  logo  are  trademarks  or  registered  trademarks  of  RIM 


Give  your  organization  the  jolt  it  needs  to  stay  ahead  of  the  competition.  Get  BlackBerry™  - 
it’s  wireless  email  for  the  enterprise.  So  your  team  can  communicate  wherever  they  go  -  and  you 
can  relax  knowing  that  BlackBerry  is  engineered  to  meet  your  strict  security  standards.  In  fact, 
with  end-to-end  Triple  DES  encryption  technology,  BlackBerry  allows  for  the  authentication, 
integrity  and  confidentiality  of  all  incoming  and  outgoing  messages.  BlackBerry  is  the  only 
complete  solution  that  includes  powerful  wireless  handhelds,  enterprise  server  software 
and  nationwide  coverage.  You  might  say  it’s  wireless  email  that  fuels  your  business  day. 


WWW.BLACKBERRY.NET 

INFO@BLACKBERRY.NET 


BLACKBERRY 

WIRELESS  EMAIL  SOLUTION 


From  the  Editor 

lu  ndbcrg@cio.com 


For  a  copy  of  the  “CIO 
Cyberthreat  Response  & 
Reporting  Guidelines’’— 
which  includes  Who  to  Call 
in  Law  Enforcement;  a  list 
of  Reporting  Bodies  & 
Resources  for  Incident 
Response;  contact  information 
for  FBI  and  U.S.  Secret 
Service  Field  Offices;  and  a 
standard,  first-alert  Report 
Form— go  to  www.cio.com/ 
research/security/response. 


Response 

CIOS  ARE  OFTEN  EXHORTED— by  this  publi- 
cation  as  well  as  by  law  enforcement  groups — to 
report  network  security  breaches.  Many  organiza¬ 
tions  are  reluctant  to  do  so,  for  a  whole  host  of  rea¬ 
sons.  But  in  the  months  since  Sept.  11,  I’ve  come 
to  realize  that  reluctance  is  not  the  only  barrier  to 
effective  response  and  reporting.  Many  executives 
simply  don’t  understand  how  to  respond  to  a  com¬ 
puter  security  incident,  who  to  contact  in  the  event 
of  an  incursion  or  what  to  tell  them.  That  prompted 
me  to  launch  an  initiative  to  develop  “Cyberthreat 
Response  &  Reporting  Guidelines.” 

An  organization  must  respond  in  some  way  to  a 
computer  security  breach;  the  better  prepared  it  is  to 
respond  quickly  and  effectively,  the  better  chance  it 
will  have  to  minimize  the  damage.  These  guidelines, 
developed  in  collaboration  with  industry  profession¬ 
als  and  law  enforcement,  are  intended  to  provide  a 
framework  for  developing  a  cyberthreat  response 
and  reporting  capability. 

The  initiative  has  a  modest  goal.  We  restricted 
our  recommendations  to  reporting  incidents  that 
are  an  attack  on  information  systems  or  data  (com¬ 
puter  and/or  Internet  security).  We  did  not  attempt 
to  address  other  types  of  cybercrime  such  as 
Internet  fraud  or  pornography. 

Creating  and  maintaining  a  secure  information 
environment  is  difficult,  expensive  and  complicated. 
Incident  response  is  itself  a  complex  subject,  includ- 


Ability 

ing  the  sometimes  difficult  decision  of  whether  to 
share  any  information  at  all.  There  are  excellent 
resources  available  to  help  CIOs  and  chief  infor¬ 
mation  security  officers  (CISOs)  understand  and 
address  these  challenges;  you’ll  find  some  of  them 
listed  as  part  of  the  guidelines  under  “Resources” 
at  www.  cio.  com/resear  chi 'security /response. 

We  believe  that  reporting  cybercrime  and  network 
attacks  is  the  right  thing  to  do.  Only  by  sharing  infor¬ 
mation  with  law  enforcement  and  appropriate 
industry  groups  will  we  be  able  to  prosecute  cyber¬ 
criminals,  identify  new  cybersecurity  threats,  and 
prevent  attacks  on  our  critical  infrastructures  and 
our  economy.  Law  enforcement’s  ability  to  identify 
coordinated  efforts  by  cybercriminals  is  directly  tied 
to  the  amount  of  reporting  that  takes  place. 

You  may  be  reluctant  to  share  information  re¬ 
garding  the  impact  to  your  business  and  the  sen¬ 
sitivity  of  the  data  involved  in  a  security  breach. 
While  I  won’t  try  to  make  the  case  for  trusting 
specific  agencies  or  organizations,  I  will  encourage 
you  to  learn  more  about  how  they  handle  sensi¬ 
tive  information. 

My  sincere  thanks  to  the  CIOs,  CISOs  and  rep¬ 
resentatives  from  law  enforcement  who  devoted 
time  and  attention  to  this  effort  (a  list  of  contribu¬ 
tors  is  included  in  the  guidelines).  During  this 
period,  they  certainly  had  other  urgent  demands 
on  their  attention. 
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NTT  Communications  Group  Offices 

Japan  •  USA  •  Brazil  •  UK  •  France  •  Germany  •  Netherlands  •  Belgium  •  Switzerland  •  Italy  •  Spain  •  Korea  •  China 
•  Hong  Kong  •  Taiwan  •  Vietnam  •  Thailand  •  Indonesia  •  Singapore  •  Malaysia  •  Philippines  •  Sri  Lanka  •  Australia 

*  A  full  service  offering  may  not  be  available  in  some  areas. 


www.ntt.com/verio 

For  further  information,  contact  : 
NTT  Communications  Corporation, 
nttverio@ntt.com 


Now  that  NTT  Communications  has  joined 
forces  with  Verio,  there's  a  solutions  provider 
with  the  power  to  meet  your  Internet  needs 
end-to-end  and  top-to-bottom. 


As  NTTA/ERIO,  we  operate  a  global  Tier  1 
IP  network  with  an  industry-leading  SLA.  We 
offer  seamlessly  integrated  IP  solutions,  from 
maximally-secure  VPNs  and  fail-safe  hosting 
to  consultation  and  24/7  maintenance.  Our 
one-stop  solutions  also  cover  ATM  and  Frame 
Relay,  supplied  through  our  Arcstar  global 
managed  data  network  services. 


Just  as  importantly,  we  have  the  breadth  of. 
experience  and  the  deep  financial  resources 
that  are  your  best  assurance  we'll  be  there  to 
support  you  for  a  long  time  to  come. 


You  want  to  go  farther. 

You  need  an  IP  solutions  provider 
that  can  go  the  distance. 


GLOBAL  SLA 


AMERICAS 


EUROPE 


DATA  CENTER 


GLOBAL  IP  NETWORK 


JAPAN 


GLOBAL  SERVER  LOAD  BALANCING 
(Smart  Content  Delivery) 


IP-VPN 

(IP  Sec  Type;  Global  IP 
Security  Gateway  Service) 
(Multi-protocol  label 
switching  (MPLS)  Type) 


NTT /VERIO 
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Reader  Feedback 


NO  ONE  WANTS  TO  WASTE  MONEY 

I  am  a  software  engineer  with  more  than  20  years  of  experience,  and  I  read  your  article 
[“Let’s  Stop  Spending  $78  Billion  a  Year,"  Oct.  15,  2001]  with  interest.  I  have  been 
saying  exactly  the  same  thing  for  years,  although  it  comes  as  no  surprise  to  learn  that 
my  employers  have  so  far  ignored  me. 

I  would  like  to  draw  your  attention  to  a  possible  downside  to  some  of  the  solutions 
in  your  article— a  downside  that  I  saw  in  operation  twice  during  the  1990s. 

In  your  article,  various  people  talk  about  effectively  paying  by  installment  based  on 
quality  and  performance,  or  renting  software,  or  other  forms  of  withholding  payment 
until  satisfied.  There  is  an  operational  problem  with  all  of  these  approaches,  however— 


the  time  and  effort  (not  to  mention  the 
cost  and  retraining)  of  swapping  one 
software  product  for  another.  And  all 
of  that  presupposes  that  you  can  find 
a  suitable  replacement  that  contains 
all  of  the  operational  functionality 
that  you  are  looking  for — for  exam¬ 
ple,  that  the  competition  has  not  been 
driven  out  of  the  market  in  the  mean¬ 
time.  Many  software  vendors  know 
that  once  a  company  has  invested  sig¬ 
nificant  time,  effort  and  resources  to 
implement  a  software  solution  they  are 
reluctant  to  change. 

If  a  vendor  can  captivate  a  client  long 
enough  for  either  a  change  of  manage¬ 
ment  thinking  or  for  the  client  to  get 
the  impression  that  the  cost  of  chang¬ 
ing  is  too  great,  then  the  vendor  has 
achieved  the  same  result  anyway.  Dur¬ 
ing  a  period  of  time,  the  products  and 
services  will  degrade  until  they  reach 
the  same  or  worse  level  than  they  cur¬ 
rently  are,  and  the  financial  costs  will 
rise  to  compensate  for  the  initial  hon¬ 
eymoon  period. 

In  my  opinion,  we  should  make  soft¬ 
ware  developers  and  vendors  liable 
under  international  law  for  breaches  of 
contract,  losses  due  to  negligence  or 
faulty  goods,  and  for  the  recall  of  faulty 
goods  and  the  cost  to  fix  them.  Basi- 
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DRUG  COMPANIES  ON  SPEED 


Got  Wireless  Apps?  Get  Ready 
to  Throw  Them  Out. 

Collaborative  Manufacturing 


cally  make  software  a  commodity  and 
apply  a  standard  retail  and  consumer 
protection  law  to  it. 

Peter  Stanhope 

Software  Engineer 
Melbourne,  Australia 


The  problem  with  software  vendors 
rushing  buggy  products  to  market  is 
ancient,  but  the  scope  of  abuse  has 
increased  enormously  in  the  past 
decade.  As  an  example,  Ashton-Tate 
grew  in  a  flurry  of  impressive  market¬ 
ing  in  the  early  ’80s.  For  years,  the 
company  sold  “relational  database 
products”  that  were  unreliable  and 
unrelational.  It  wasn’t  until  DB  III, 


when  it  started  selling  to  larger  enter¬ 
prises,  that  one  major  customer  sued 
them  for  false  advertising  and  products 
that  outright  didn’t  work.  That  cer¬ 
tainly  got  Ashton-Tate’s  attention. 

We  need  a  consortium  of  Microsoft 
users  to  sue  a  company  that  does  not 
even  believe  in  trying  to  sell  bug-free 
software.  To  quote  Bill  Gates,  “In 
today’s  marketplace,  time  to  market  is 
critical.  We  release  software  quickly 
and  fix  the  bugs  in  later  releases.” 
Having  seen  the  same  major  bugs  in 
basic  functions  in  release  after  release, 
I  no  longer  wonder  if  Microsoft  cares 
about  the  quality  of  its  products. 

The  company  has  set  a  new  low 
among  manufacturers  for  expectation 
of  quality.  Many  of  the  jokes  com¬ 
paring  its  products  to  GM  products 
are  funny  because  they  are  true.  But  is 
it  funny  anymore?  Many  studies  have 
concluded  that  Microsoft  has  cost  the 
United  States  and  world  economies 
hundreds  of  billions  of  dollars  in  lost 
productivity.  When  will  we  lose  our 
fascination  with  antiquated  GUI  not 
even  invented  by  Microsoft?  Until  that 
company  is  put  in  its  rightful  place, 
true  innovation  in  the  world  of  PC  and 
telecom  devices  will  not  proceed. 

Paul  Tiffany 
CEO 
HelpTeam 
Tarzana,  Calif. 
ptiffany@belpteam.net 


WHAT  DO  YOU  THINK? 

Send  your  thoughts  and  feedback 
to  letters@cio.com.  Letters  may  be 
edited  for  length  or  clarity. 
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Getting  a  19th-century  building  ready  for  21st-century  business  is  no  small  feat. 
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HOW  DID  SALESFORCE.COM  ADD  MORE 
CUSTOMERS  IN  THE  PAST  TWO  YEARS 
THAN  ANY  OTHER  CRM  COMPANY? 


Is  Siebel  7.0  too  Little,  too  Late? 

. .  .Siebel  faces  increasingly  strong  competition  from  .7 
competitors  such  as  salesforce.com  . . .  Siebel  is  known 
for  lengthy  and  expensive  implementations. 

Hurwitz  Group,  Trendwatch 


“Six  months  and  half-a-million  dollars  later,  companies  that 
chose  traditional  client/server  CRM  vendors  still  had  nothing 
to  show  for  it.  With  salesforce.com,  we  have  results.” 

Michael  Blumenthal 

Vice  President  and  Chief  Technology  Officer,  Essex  Corporation 


“With  the  help  of  salesforce.com,  we  are  a  more  successful  enterprise. 
It  gives  us  a  more  coherent  culture  and  makes  us  more  competitive.  It 
has  been  bottom-line  profitable  for  us  within  six  months.  I  just  don't 
see  how  you  can  help  but  make  money  using  this  product.” 

Donald  Putnam 

Chairman,  Putnam  Lovell  Securities 


In  less  than  two  years,  salesforce.com  moved  from  start-up  to  number  two  in  CRM 
customers  served.*  Where  did  the  established  CRM  companies  go  wrong?  Simple.  By  the 
time  their  customers  bought  all  the  hardware,  installed  the  software,  and  completed 
customization,  their  businesses  had  changed.  Given  today’s  pressure  on  profits  and  rev¬ 
enues,  business  is  moving  to  salesforce.com,  the  world's  largest  online  customer 
relationship  management  service — including  over  3,000  companies  such  as  Adobe 
Systems,  Autodesk,  Wachovia  and  Siemens  PT&D.  See  how  fast  your  company  can 
benefit.  Call  1-800-NO-SOFTWARE,  or  visit  www.salesforce.com  and  enter  Promo 
Code  Q0213  to  activate  your  FREE  30-day  test  drive. 


salesforce.com 

0 


#1  in  Online  CRM 


SALES  /  SERVICE  /  MARKETING 


"Based  on  total  customers  according  to  recent  Morgan  Stanley  report. 


©2001  salesforce.com.  salesforce.comanditslogoaretrademarksofsalesforce.com.  All  other  trademarks  are  acknowledged.  Even  Siebel’s. 
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PRIVACY 


Speed  Trap 

By  Sarah  Johnson 

WHILE  DRIVING  FROM  Connecticut  to 
Virginia  in  a  rented  van  in  October  2000, 
James  Turner  got  busted  for  speeding.  He 
wasn’t  pulled  over  and  didn’t  receive  a 
ticket,  but  his  debit  card  was  charged  $450. 

While  tracking  Turner’s  travels  through 
several  states,  a  GPS  device  installed  in  the 
car  recorded  each  time  he  drove  more  than 
79  mph  for  at  least  two  minutes.  With  each 
occurrence,  AirlQ — a  Toronto-based  wire¬ 
less  ASP  that  installs  and  monitors  the 
devices — sent  a  fax  to  Acme,  Turner’s  New 
Haven,  Conn. -based  rental  car  company, 
which  subsequently  charged  his  debit  card 
$150.  Turner  claimed  he  hadn’t  seen  the 
clause  in  his  rental  contract  that  said 
“Vehicles  driven  in  excess  of  posted  speed 
limit  will  be  charged  $150  per  occurrence. 

All  our  vehicles  are  GPS  equipped.”  As  a 
regular  customer  of  Acme  who  had  seen 
the  contract  before,  he  didn’t  feel  a  need 
to  read  it  over.  He  went  to  small  claims 


court  hoping  to  recoup  his  money. 

The  result  has  been  15  minutes  of  fame 
for  Turner  (including  appearances  on 
CNN,  Dateline,  Good  Morning  America, 
MSNBC  and  the  Today  show,)  and  a  year¬ 
long  case  that  now  sits  in  the  hands  of  the 
Connecticut  Department  of  Consumer 
Protection.  A  simple  contract  dispute  has 


Department 

°BIG, 

ocary 

Numbers 


U.K.  companies  illegally  trading  online:  44 
PERCENT  .  Companies  measuring  e-busi- 
ness  ROI  in-house:  59  PERCENT,  it 

and  e-commerce  projects  that  either  fail  or 
are  completed  over  budget  with  less  function¬ 
ality  than  planned: 

Predicted  B2C  e-commerce  revenues  in  the 
United  States  by  2005:  $156  BILLION. 

Sources:  London  Chamber  of  Commerce,  Jupiter 
Media  Metrix,  Standish  Group,  eMarketer 


turned  into  a  debate  over  what  limits — if 
any — should  be  placed  on  the  uses  of  GPS 
technology  and  what  rights — if  any — com¬ 
panies  have  to  monitor  their  customers. 

Attorney  Bernadette  Keyes,  who  repre¬ 
sents  four  consumers  including  Turner, 
claims  the  devices  are  an  invasion  of  pri¬ 
vacy  and  their  use  violates  the  state’s  Unfair 
Trade  Practices  Act.  “There’s  got  to  be  full 
disclosure  as  to  how  this  technology  can 
be  used.”  says  Keyes.  On  the  orders  of  the 
Department  of  Consumer  Protection’s 
commissioner,  Acme  modified  its  contract 
to  make  the  clause  about  the  GPS  devices 
more  explicit. 

After  a  1999  speeding  accident  raised 
its  insurance  premiums,  Acme  was  easily 
won  over  by  the  promises  of  GPS.  Whether 
it  can  continue  using  the  devices  is  up  to  the 
state.  Max  Brunswick,  Acme’s  attorney, 
says  he  would  appeal  a  cease-and-desist  rul¬ 
ing.  “There’s  nothing  unfair  or  deceptive 
about  using  these  devices,”  he  says. 
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ILLUSTRATION  BY  HARRY  CAMPBELL 


David  Haupt 
CIO 

Edmunds.com 


Edmunds -www.edmunds.com -“Where  Smart  Car  Buyers  Start 
The  most  comprehensive  and  impartial  automotive  information 
business  philosophy  V—  when  you’re  buying  a  car,  what  you  don’t  know  can  hurt  you 
defining  internet  moment  l —  When  syndication  partners  increased  our  traffic  tenfold 


It’s  not  just  e- Business. 
It’s  Real  Business. 


The  Edmunds  brand  has  been  serving  car-shoppers  for  more 
than  35  years,  and  Digex  has  been  managing  Edmunds. corn’s 
Web  site  for  more  than  five  years. 

In  1994,  Edmunds.com  became  the  first  company  to 
provide  consumer  automotive  information  on  the  Internet 
by  posting  its  vehicle  pricing  on  an  Internet  Gopher  site. 
In  2000,  Edmunds  became  the  first  source  of  vehicle 
data  for  users  of  wireless  Web-enabled  devices. 
Today,  hundreds  of  Web  sites,  including  the  world’s 
three  largest  portals,  use  Edmunds. corn’s  syndicated 
content  to  educate  car-shoppers. 

Digex  provides  full  management  of  the  Edmunds.com 
Web  site  so  they  can  focus  on  their  mission: 
empowering  the  automotive  consumer. 

To  learn  how  Digex  can  empower  your  site,  call 

1 .866.344.3997  or  visit  www.digex.com/hosting. 


trendlines 


Washington  Watch 

v _ J  Edited  by  Elana  Varon 

Fight  Against  Cybercrime  Goes  Global 


A  NEW  TREATY  between  the  United 
States  and  more  than  two  dozen  other 
nations  will  help  multinational  companies 
stop  cybercriminals — but  this  help  will 
come  at  a  cost.  Corporate  IS  departments 
will  have  to  spend  more  money  on  net¬ 
work  surveillance  technology  for  evidence 
gathering  and  on  support  staff  to  assist  for¬ 
eign  governments  chasing  international 
hackers.  Also,  the  treaty  does  nothing  to 
guarantee  companies  that  any  confidential 
data  they  give  foreign  officials  in  the  course 
of  an  investigation  will  be  kept  private. 

The  Convention  on  Cybercrime  calls  for 
law  enforcement  officials  in  29  participating 


countries  to  establish  uniform  rules  for 
cooperating  on  international  cases,  such  as 
when  a  U.S.  company’s  servers  in  another 
country  are  used  to  commit  a  crime  or  are 
hacked  by  an  overseas  criminal.  Jeffrey 
Pryce,  an  attorney  at  Steptoe  &  Johnson  in 
Washington,  D.C.,  says  that  to  solve  such 
cases,  law  enforcement  officials  need  help 
from  the  corporate  victims. 

When  a  company  helps  investigators,  it 
can  end  up  spending  tens  of  thousands  of 
dollars  on  tools  for  gathering  evidence  and 
on  dedicating  staff  for  the  inquiry,  says 
Pryce.  At  home,  the  U.S.  government  helps 
companies  defray  these  costs,  but  that’s  not 


Government-Approved  Security 


n  ft'.' 

Rep.  Connie 
Morelia  f  *  , 


^  UNDER  A  LAW  passed  by  Congress  last  fall,  the  government  will  make 
^  its  future  reviews  of  information  security  products  available  to  the  public, 

<  Jfl  and  CIOs  can  use  these  assessments  to  make  purchasing  decisions. 

The  law,  sponsored  by  Rep.  Connie  Morelia  (R-Md.),  orders  the 
Commerce  Department  to  set  information  security  standards  for  the 
^  ?S  government’s  civilian  agencies  and  list  hardware  and  software  products 
!  fJI-T  that  meet  those  standards.  Product  tests  conducted  by  independent  labs 
V  ,  \  will  be  rigorous,  says  Tony  Stanco,  senior  policy  analyst  at  George  Wash¬ 
ington  University’s  Cyberspace  Policy  Institute,  because  government 
agencies  are  tired  of  being  embarrassed  by  security  breaches. 

CIOs  in  the  private  sector  have  a  hard  time  getting  neutral  information  about 
the  capabilities  of  security  products  because  analysts  and  consultants  haven't 
succeeded  in  deflating  vendors’  marketing  hype.  The  competition  for  a  good 
rating  from  the  government  will  keep  security  vendors  honest,  says  Stanco. 

The  law  doesn’t  give  the  government  a  deadline  for  getting  its  product  reviews 
out  to  the  public,  but  an  aide  to  Morelia,  who  asked  not  to  be  named,  expects 
the  information  to  be  available  within  six  months  to  a  year.  -S.V. 


always  going  to  be  the  case  when  a  foreign 
government  investigates,  says  Bruce  Mc¬ 
Connell,  president  of  McConnell  Inter¬ 
national,  a  business  and  technology  consul¬ 
tancy  in  Washington,  D.C. 

Also  missing  from  the  treaty  is  a  guar¬ 
antee  that  companies  sharing  information 
with  foreign  governments  to  solve  cyber¬ 
crimes  will  have  their  privacy  protected,  as 
it  is  in  the  United  States.  That  means  CIOs 
need  to  think  ahead  about  how  a  foreign 
country’s  privacy  laws  affect  how  much 
they’ll  cooperate  with  investigations. 

The  U.S.  Senate  needs  to  ratify  the  treaty, 
but  the  Senate  Foreign  Relations  Commit¬ 
tee  headed  by  Sen.  Joseph  Biden  (D-Del.) 
had  not  announced  any  action  on  it  at  press 
time.  However,  many  countries,  including 
the  United  States,  will  start  cooperating  on 
computer  crime  investigations  based  on  the 
treaty  even  before  it’s  officially  ratified,  says 
McConnell.  -Stephanie  Viscasillas 

Would  a  government-approved  list  of  security 
products  help  you  keep  your  systems 
hacker-proof?  E-mail  Senior  Editor  Elana 
Varon  at  evaron@cio.com.  Editorial  Assistant 
Stephanie  Viscasillas  can  be  reached  at 
sviscasillas@cio.com. 


It  is  time  to  update  an  outdated  tax  code  to  reflect  the  realities  of  today’s  technology-based 
workplace.  A  five-year  depreciation  schedule  for  high-tech  equipment  is  no  longer  realistic. 


-Rep.  Jerry  Weller  (R-lll.) 
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Synygy  has  a  ten-year  history  of  successfully  implementing  Enterprise  Incentive  Management  (EIM) 
software  on  time,  within  budget,  and  with  consistently  high  client  satisfaction. 

Synygy  has  helped  Sun  Microsystems,  6E  Lighting,  DuPont,  Bausch  &  Lomb,  Fleet  Mortgage  Group,  Johnson  &  Johnson,  Coors  Brewing,  Siemens,  and  dozens  of 
other  Global  2000  companies  turn  their  variable  pay  plans  from  an  operational  hassle  into  a  strategic  advantage. 

Synygy  delivers  “software  as  a  service”— providing  a  full  spectrum  of  EIM  solutions  from  enterprise  software  to  ASP  to  complete  plan  management 
outsourcing— all  with  no  up-front  cost  to  purchase  software. 

Visit  www.synygy.com  today  to  request  free  white  papers  and  case  studies.  Or  call  us  at  610-664-7433  x7970  to  learn  about  The  Synygy  Guarantee  and  why 
our  success  has  made  us  the  largest  provider  of  EIM  software  and  services.  We  guarantee  that  you  too  will  be  satisfied  with  your  Synygy  EIM  solution  — or 
we’ll  give  you  your  money  back! 


www.synygy.com 

Copyright  ©  2001  Synygy  Inc.  and  Masterfile.  All  Rights  Reserved. 
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SECURITY 


Big  Brother  Is  Watching 


By  Scott  Berinato 


TWO  TRADITIONALLY  DISTINCT  realms 
of  security' — the  physical  world  with  guards, 
swipe  cards  and  security  cameras,  and  the 
virtual  world  dominated  by  firewalls,  pass¬ 
words  and  cryptography — are  quickly 
meshing  in  the  post-Sept.  1 1  environment. 
Expect  new  Mission:  Impossible- like  sys¬ 
tems  that  scan  retinas,  but  also  plan  on 
everyday  technologies  getting  spiffed  up, 
integrated  and  Web-enabled. 

For  example,  a  company  called  WebEye- 
Alert,  in  Chelmsford,  Mass.,  has  built  soft¬ 
ware  that  links  closed-circuit  TV  (CCTV) 
surveillance  systems  to  the  Web.  WEA  is  a 
division  of  Biscom,  a  fax  server  company. 
Fax  servers  are  built  around  digital  imaging 
technology,  so  Biscom  simply  applied  its 
patents  to  the  world  of  surveillance  imag¬ 
ing.  The  WebEyeAlert  DVR  system 
enhances  existing  CCTV  by  allowing  any¬ 
one  with  properly  authorized  access  and  a 
browser  to  control  the  cameras — zoom,  tilt, 


Smile  (and  behave), 
you’re  on  camera. 


pan  and  so  forth — remotely  from  a  com¬ 
puter.  The  software  also  recognizes  move¬ 
ment  in  the  picture  and  can  send  out  alerts 
if  a  specified  level  of  movement  is  crossed. 

These  systems  are  already  being  used  to 
proactively  prevent  school  violence.  The  high 
school  in  Londonderry,  N.H.,  installed  a 
$77,000  WEA  system  with  48  cameras  (and 
16  more  planned)  in  the  school’s  common 
areas.  Chuck  Zappala,  who  heads  the  proj¬ 


ect,  can  check  out  what’s  going  on  in  the 
middle  of  the  night  from  his  home  and  has 
given  specific  rights  to  police  and  fire  patrols 
to  access  the  cameras  from  the  outside  of 
the  building  in  case  of  fire  or  other  emer¬ 
gency.  Determining  who  will  control  the  uni¬ 
fied  physical  and  virtual  security  is  one  of 
the  remaining  challenges. 

Unfortunately,  what  prompted  Zappala  to 
buy  the  system  was  a  raft  of  threats — eight  in 
two  weeks  including  some  bomb  threats  at 
the  school.  The  school  shut  down  for  two  days 
and  reopened  with  an  atmosphere  hardly  con¬ 
ducive  to  learning,  as  police  used  metal  detec¬ 
tors  to  conduct  searches.  Since  the  system  was 
installed,  two  threats  were  squelched  without 
anyone  having  to  enter  the  building.  “It’s 
working  incredibly  well,”  Zappala  says.  “In 
one  case  we  were  able  to  dismiss  the  threat, 
and  in  another  we  located  students  we  felt 
were  involved.”  As  an  added  boon,  graffiti 
has  all  but  disappeared,  Zappala  says. 


Not  Just  Beanie  Babies 


By  Stephanie  Overby 


I.T.  EXECUTIVES  ARE  spending  a 
lot  more  time  on  eBay  these  days,  but 
they’re  not  looking  for  Laverne  and 
Shirley  lunch  boxes.  In  today’s  economic 
climate,  CIOs  looking  to  save  money  on 
their  technology  purchases  are  hitting 
the  online  auctioneer  in  search  of  high- 
end  products  at  lower  price  points— and 
they’re  finding  them. 

Etienne  Handman,  CTO  for  E-Loan,  a  Dublin,  Calif.-based 
online  lending  company,  says  he  recently  scored  a  barely  used 
$60,000  Sun  E4500  server  on  eBay.  His  price— $20,000. 
Handman’s  company  has  lowered  its  IT  costs  by  11  percent  a 
year— in  part  by  buying  things  through  eBay— while  revenue 
increased  by  88  percent.  "We’re  typically  paying  25  to  30 
percent  of  the  ‘new’  price  for  essentially  brand-new  equip¬ 
ment,”  Handman  says. 

Chris  Montgomery,  director  of  IT  operations  for  San 
Antonio-based  consultancy  Frost  &  Sullivan,  first  discovered 
the  benefits  of  online  bidding  when  his  CFO  suggested  he 


scout  eBay  for  deals  on  additional  air-conditioning  units  for 
his  server  farm.  “We  purchased  a  14,000  BTU  floor  unit  at 
an  exceptional  discount,”  Montgomery  recalls. 

Since  then,  Montgomery’s  department  has  bought  a  new 
Dell  PowerVault  130T  backup  system  on  eBay.  "We  were  able 
to  acquire  top-of-the-line  equipment  while  replacing  our  leg¬ 
acy  system  at  a  cost  savings  of  more  than  75  percent,” 
explains  Montgomery,  who  is  currently  pricing  Web  servers 
on  the  auction  site. 

With  more  than  400,000  computer-related  products  for  sale 
at  any  given  point,  eBay  says  IT  executives  are  bidding  on 
everything  from  routers  to  phone  systems  to  LCD  projectors. 
The  company  says  more  than  50  percent  of  the  listings  are 
actually  new  products  and  many  others  are  still  under  warranty. 

Before  you  join  the  bidding  frenzy,  take  the  advice  of  sea¬ 
soned  IT  execs  and  eBay  buyers:  Look  up  the  seller’s  history 
and  contact  him  directly  with  any  questions,  check  out  other 
closed  auctions  for  the  same  type  of  item  to  find  out  what 
price  it  might  go  for,  and  research  the  purchase  as  you  would 
any  other  IT  expenditure. 
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AppGate™  VPN  and  VPNPowerBox™  redefine  what  a  VPN  can  do  by  extending  e-security  all  the  way  from  the 
user  to  the  application.  You  thought  that  a  VPN  had  to  be  network  device  dependent?  Well,  the  AppGate  solution 
goes  further  by  offering  NAT  transparency,  network,  firewall  and  router  independency.  AppGate  offers  user 
interfaces  that  are  platform  independent  through  a  downloadable  java™  client,  saving  your  enterprise 
distribution,  support,  and  deployment  costs.  AppGate  provides  the  scalability  to  an  unlimited  number  of  users 

and  flexibility  that  you  have  been  looking  for  in  a  VPN  solution. 

For  more  information,  visit  our  website  at  www.appgate.com  or  give  us  a  call  at  i-866-AppGate. 
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We  take  e-security  further 


tm  AppGate  and  VPNPowerBox  are  registered  trademarks  of  AppGate  AB;  Java  is  a  registered  trademark  of  Sun  Microsystems,  Inc. 
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From  Stupid  to 
Smart 

Business  @  the  Speed  of  Stupid: 
Building  Smart  Companies 
After  the  Technology  Shakeout 

By  Dan  Burke  and  Alan  Morrison 

—  Perseus  Publishing,  2001,  $26 
Everyone  loves  a  good  failure 
story.  A  book  full  of  them  is 
even  better.  The  consultant 
authors  of  Business  @  the 
Speed  of  Stupid  base  their 
chapters  on  real-life  technol¬ 
ogy  endeavors  that  failed — 
though  names  are  changed  to 
protect  the  stupid.  Burke 
and  Morrison  adeptly  cover 
the  major  issues  surrounding  a 
good  idea  gone  bad,  focusing  primarily  on 
the  myth  that  technology  can  solve  every 
problem.  Also  highlighted  are  cases  in 
which  the  people  involved  in  implementa¬ 
tion  completely  failed  to  communicate — 
which  Burke  and  Morrison  point  to  as  one 
of  the  key  factors  in  technology  venture 
failures.  Misalignment  as  a  factor  in  fail¬ 
ure  isn’t  revolutionary  thinking,  but  the 
authors  manage  to  make  their  tales 
amusing  and  educational. 

However,  their  own  endeavor 
slides  toward  failure  with  the  inclu¬ 
sion  of  their  “always/never”  tables, 
which  offer  hard  and  fast  dos  and 
don’ts  that  make  the  reader  won¬ 
der  why,  if  the  rules  for  attaining 
success  are  that  black  and  white, 
any  company  fails  at  all.  Burke  and 
Morrison  compensate  for 
their  simplified  suggestions 

BOOK  TALK 


with  anecdotes  about  management  misun¬ 
derstandings  and  consultant  failures  that 
any  project  leader  could  relate  to  and  learn 
from.  Business  @  the  Speed  of  Stupid  is  a 
useful  guide  on  how  to  avoid  falling  victim 
to  technology  hype  and  myth. 

-Stephanie  Viscasillas 

Where  There’s 
a  Will 

Will  and  Vision:  How  Latecomers  Grow 
to  Dominate  Markets 

By  Gerard  J.  Tel  I  is  and  Peter  N.  Golder 
McGraw-Hill,  2001,  $27.95 
Although  the  new  economy  promotes  the 
fast  and  furious,  the  authors  of  Will  and 
Vision  give  the  winning  prize — long-term 
brand  recognition — to  the  slow  and 
steady.  Companies  don’t  have  to  be  first; 
they  just  have  to  be  better,  hitting  the  mar¬ 
ket  with  an  innovative  spin.  A  lot  of  us 
assume  that  today’s  superbrands  were  the 
pioneers  in  their  field,  but  being  first  with 
a  great  idea  doesn’t  equal  automatic  suc¬ 
cess  and  endurance,  the  authors  claim, 
citing  their  10-year  investigation  of  late 
market  entrants,  including  Netscape’s 
Navigator  and  Procter  &  Gamble’s  Pam¬ 
pers.  The  writers  make  a  con¬ 
vincing  point,  but  some  of 
their  arguments  come  across 
as  nitpicking — sure,  King  C. 
Gillette  didn’t  invent  the 
safety  razor,  but  give  the  guy’s 
company  credit  as  the  first  out 
with  a  disposable  version. 
Forget  the  questions  the  book 
raises,  and  use  its  case  studies 
and  chapter  on  finding  and 
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committing  financial  resources  as  tips  to 
convince  the  higher-ups  of  your  next  bril¬ 
liant,  innovative  idea.  -Sarah  Johnson 


Perhaps  the  central  task  of  this  century  will  be  to  create  a  world  where  we  neither  deny 
the  richness  of  our  cultural  differences  nor  allow  them  to  divide  us.  it  is  a  daunting  task, 
considering  the  many  lenses  through  which  we  view  our  world. 

-From  The  10  Lenses:  Your  Guide  to  Living  &  Working  in  a  Multicultural  World,  by  Mark  W.  Williams  ( Capitol  Books,  2001) 
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respond  to  information  however  you  want.  It’s  possible  when  Avaya  transforms  your  company’s  voice 
and  data  systems  by  getting  them  working  together.  Reliably.  Securely.  With  our  innovations  in 
voice  and  in-depth  expertise  in  data,  you  stay  accessible,  you  stay  connected.  Find  out  why  more  than 
90%  of  the  FORTUNE  500®  use  Avaya  communications  to  power  their  business,  visit  avaya.com/nowone. 
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SUPPLY  CHAIN  MANAGEMENT 

New  Links  in  the 

JL JL d JL JL JL  By  Meridith  Levinson 


THE  PROLIFERATION  OF  trade  ex¬ 
changes  and  B2B  technologies  is  funda¬ 
mentally  changing  the  way  companies 
do  business.  Grady  Means,  man¬ 
aging  partner  at  Pricewater- 
houseCoopers’  Washington  prac¬ 
tice  and  coauthor  of  Meta- 
Capitalism:  The  E-Business  Rev¬ 
olution  and  the  Design  of  21st- 
century’  Companies  and  Markets 
(John  Wiley  &  Sons,  2000)  with 
colleague  David  M.  Schneider, 
believes  the  economic  slowdown 
in  the  United  States  is  indicative 
of  a  major  shift  in  business  prac¬ 
tices  brought  on  by  the  Internet 
and  online  exchanges. 

CIO:  What  is  this  transformation? 

Means:  It’s  a  new  form  of  capi¬ 
talism.  The  principles  are  that 
you  can  get  capital — human, 
physical,  financial,  brand — 
through  the  Internet.  If  you  look 
at  the  balance  sheets  of  large 
companies  over  the  past  few  years,  you  see 
them  selling  off  a  lot  of  their  factories.  You 
see  them  outsourcing  a  tremendous 
amount — more  than  they  ever  did  before. 
You  see  them  developing  alliances  and 
using  the  Net  to  identify  and  manage 
those  alliances.  The  model  says  we  don’t 
have  to  own  factories,  but  we  have  to 
know  how  to  manage  the  supply  chains 
and  the  factories  that  we  don’t  own  but 
that  produce  our  products.  It  lets  compa¬ 
nies  decapitalize  more  quickly,  drive  their 
working  capital  down  more  quickly  and 
their  EBIT  [earnings  before  interest  and 
taxes]  up. 

How  is  the  economic  slowdown  indicative  of 
this  change? 

Even  though  stocks  have  taken  a  beating, 
U.S.  productivity  is  up  and  seems  to  con¬ 
tinue  to  grow.  Alan  Greenspan  and  oth¬ 
ers  explain  [that]  the  continued  growth  in 


productivity  in  spite  of  the  apparent  eco¬ 
nomic  slowdown  is  [a  result  of]  compa¬ 
nies  moving  to  these  new  types  of  tech¬ 


nologies  and  using  them  more  effectively. 
Companies  in  just  about  every  sector  are 
putting  more  of  their  procurement  and 
more  of  their  supply  chain  online. 

How  relevant  is  this  idea  of  outsourcing 
business  operations  in  the  post-Sept.  11 
world? 

When  talking  about  connecting  through 
virtual  networks,  you’ve  got  the  elements 
of  a  disaster  recovery  plan,  which  is  very 
different  if  you  have  one  manufacturing 
plant  vertically  integrated,  making  every¬ 
thing  from  back  to  back.  People  have  dis¬ 
covered  that  using  virtual  systems  and 
technologies  that  can  prepare  and  repair 
themselves  and  reassemble  supply  chains 
quickly  is  a  very  smart  move  in  an  era 
where  we  face  terrorist  problems  and 
other  unpredictable  attacks.  There’s  no 
question  recent  events  [of  Sept.  11]  will 
accelerate  these  new  economy  principles. 


SECURITY 

GovNet  Not? 


GROWING  CONCERN  OVER 

government  information  getting 
into  the  wrong  hands  has  prompted 
lawmakers  to  consider  how  to  safe¬ 
guard  electronic  data.  Richard 
Clarke,  who  was  made  head  of 
federal  cybersecurity  last  October, 
has  proposed  a  secure  government 
voice  and  data  network  called 
GovNet.  This  network  would  be 
independent  and  therefore  impervi¬ 
ous  to  hackers  and  the  denial-of- 
service  attacks  that  have  debilitated 
government  networks  in  the  past. 

GovNet  would  keep  critical  infor¬ 
mation  on  servers  separate  from 
the  Internet  and  therefore  secure 
from  the  vulnerabilities  inherent  in 
public  sites.  Private  companies, 
which  would  ultimately  bid  for  the 
contract  if  the  idea  goes  forth, 
responded  to  the  government’s 
request  for  information  on  the  topic 
through  October  and  November. 
Most  thought  it  was  a  good  idea 
but  difficult  if  not  impossible  to  put 
into  practice. 

Designing  a  secure  and  reliable 
infrastructure  wouldn’t  be  the  stick¬ 
ing  point,  according  to  Amit  Yoran, 
CEO  of  security  services  company 
Riptech  in  Alexandria,  Va.,  and  for¬ 
mer  information  security  program 
director  at  the  Defense  Depart¬ 
ment.  The  problem  would  be  moni¬ 
toring. 

Maintaining  a  private  network  as 
secure  as  that  which  the  govern¬ 
ment  envisions  would  involve  seri¬ 
ous  effort  to  ensure  that  nobody 
accidentally  plugged  a  PC  with 
Internet  access  into  GovNet,  allow¬ 
ing  the  information  to  flow  through 
the  public  outlet  they’ve  been  trying 
to  avoid,  Yoran  says.  Officials  hope 
to  have  analysis  and  a  development 
time  line  done  by  this  month. 

-Stephanie  Viscasillas 
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Acxiom®  can  show  you  how  to  go 
further  than  ever  with  your  data. 

So  how  do  you  get  started?  With 
a  simple  report  called  Opticx.” 

In  a  matter  of  days,  you’ll  receive 
a  data  analysis  that  could  reveal 
millions  of  dollars  in  opportunities. 
Then  we’ll  show  you  how  to  take 
advantage  of  those  opportunities 
by  integrating  InfoBase®  data 
products  into  your  customer 
data-driven  initiatives.  We  can 
also  introduce  you  to  relationship¬ 
building  tools  like  AbiliTecT  our 
market-leading  Customer  Data 
Integration  software  that  enables 
a  single  view  of  your  customer. 

If  your  marketing  and  customer 
relationship  programs  rely  on 
accurate  data  to  succeed,  you 
should  rely  on  Acxiom. 
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Go  Slowly  with 
Web  Services 


To  reap  the  benefits  of  Web  services  technology, 
keep  it  simple  and  take  an  incremental  approach 

BY  JOHN  HAGEL,  JOHN  SEELY  BROWN  AND 

DENNIS  LAYTON-RODIN 

AS  THE  HYPE  SURROUNDING  Web  services  gains  momentum,  many 
CIOs  are  reacting  with  skepticism  and  concern.  But  Web 
services  do  offer  real  business  benefits.  By  breaking  down 
enterprise  applications  into  shareable  components — known 
as  services — each  of  which  performs  a  different  task,  organ¬ 
izations  can  connect  applications  within  or  across  compa¬ 
nies  or  enhance  the  functionality  of  existing  applications. 
(See  “Make  Way  for  Web  Services,”  Emerging  Technology, 
Oct.  15,  2001.)  Web  services  use  public  standards  such  as 
XML,  which  allows  them  to  provide  a  much  lower  cost  and 
more  flexible  approach  to  connecting  applications  than  tradi¬ 
tional  approaches  like  EDI  or  EAI.  They  also  make  it  easier 
to  coordinate  business  activities,  especially  across  enter¬ 
prises,  leading  to  lower  operating  costs,  significant  savings 
and  attractive  growth  options. 

CIOs  need  to  find  ways  to  gain  experience  and  reap  some 
of  the  benefits  of  this  new  technology  without  exposing  the 
enterprise  to  undue  risk.  The  most  promising  way  to  do  that 
is  to  keep  it  simple,  keep  it  incremental,  and  learn,  learn,  learn. 
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Keep  It  Simple 

Data:  By  focusing  on  specific,  event-based  information  that 
directly  affects  the  actions  of  the  enterprise,  CIOs  can  help  to 
simplify  their  company’s  approach  to  data  sharing.  For  exam¬ 
ple,  Dell  Computer  was  seeking  to  lower  the  inventory  in  its 
supply  chain  through  more  focused  information  sharing  with 
its  partners.  The  company  aimed  to  fulfill  orders  within  five 
days  of  receipt,  but  it  took  its  suppliers  up  to  45  days  to  ful¬ 
fill  them.  Since  Dell  and  its  partners  all  operated  on  disparate 
systems,  information  sharing  was  very  labor  intensive.  For 
this  reason,  Dell  used  to  carry  inventories  of  up  to  30  hours 
in  its  factories  as  a  buffer  against  unexpected  disruptions  in 
the  supply  chain.  Rather  than  trying  to  impose  a  common  tech¬ 
nology  platform  as  a  means  of  achieving  transparency  across 
its  supply  chain,  Dell  is  now  using  Web  services  to  provide 
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Step  Six:  Pilot,  Test  &  Learn 


ENSURING  CRM 


are 


rhe  first  five  steps 

now  complete  and  you’re 
getting  close  to  achieving 
your  goal  of  building  a 
successful  CRM  infrastructure. 

•  Step  1  outlined  the  development  of 
a  business  case  accompanied  by  an 
ROI  model  that  quantified  costs 
and  anticipated  benefits 
•  Step  2  was  devoted  to  creating  a 
clear  picture  of  the  enterprise’s 
prospects  and  customers — their 
demographics,  preferences,  the 
products  and  services  they  buy,  and 
the  channel(s)  through  which  they 
make  their  purchases 
•  Step  3  defined  the  current  and 
desired  infrastructure  states,  and 
identified  technical  gaps  in  order  to 
deploy  the  infrastructure  needed  to 
support  the  CRM  initiatives 
•  Step  4  created  an  actionable  strate¬ 
gy  of  customer  interaction  policies 
to  meet  a  company’s  ROI  goal 
•  Step  5  developed  common  data 
classifications  for  CRM  busi¬ 
ness  definitions,  also  called 
CRM  classes 

Having  completed  the  first  five 
steps,  you’re  now  ready  to  rollout  your 
infrastructure.  Right?  Well,  maybe.  If 
you’ve  executed  the  first  five  steps  then 
you  should  have  a  solid  foundation  for 
launching  your  CRM  initiatives,  but 
in  these  economic  times  many  compa¬ 
nies  are  looking  to  test  their  CRM 
strategy  and  infrastructure  before  enter¬ 
prise  rollout  to  make  sure  the  CRM 
initiatives  will  achieve  the  expected 
ROI.  The  best  way  to  ensure  success  is 
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to  launch  a  pilot 
program  to  test 
the  application  of 
your  CRM  initia¬ 
tives. 

Why  Pilot? 

Often,  companies 
are  in  such  a  rush  to 
rollout  their  new 
infrastructure  that 
they  don’t  test  the  CRM 
system  and  processes  to  make 
sure  that  the  assumptions  on  which 
the  strategy  was  built  are  still  applica¬ 
ble.  There  are  several  reasons  why  your 
intended  goals  and  strategy  should  be 
tried  on  a  smaller  scale  before  deploy¬ 
ing  a  CRM  system  enterprise-wide. 
Some  of  the  unanticipated  variables 
that  may  affect  the  results  include: 

•  The  economic  environment 

•  Changes  in  the  competitive  land¬ 
scape 

•  Shifts  in  customer  needs 

•  Changes  in  partner  alliances 

If  the  first  five  steps  were  correctly 
executed,  the  resulting  CRM  infra¬ 
structure  should  have  the  flexibility  to 
accommodate  these  changes.  The  sixth 
step  enables  you  to  prove  the  hypothe¬ 
ses  from  Step  1  ’s  ROI  analysis  and  pro¬ 
vides  you  with  the  justification  for 
enterprise  rollout. 

What  are  the  risks  of  not  first 
launching  a  CRM  pilot?  The  premise 
behind  the  pilot  is  that  there  are  a  vari¬ 
ety  of  assumptions  associated  with 
your  ROI  analysis:  target  customer 
segments,  their  preferences,  ability  of 
the  company  to  meet  their  needs,  etc. 
that  you  want  to  prove.  Most  compa¬ 
nies  make  educated  guesses  about 
these  assumptions.  The  pilot  allows  the 
company  to  make  big,  enterprise-wide 
infrastructure  bets.  For  instance,  build¬ 
ing  a  Web  self-service  capability  may 
or  may  not  be  justified  depending  on 


the  adoption  rate.  By  piloting  this 
capability  first,  the  company  can  solid¬ 
ify  expected  adoption  rates,  as  well  as 
learn  more  about  necessary  function¬ 
ality.  This  learning  will  ensure  suc¬ 
cessful  enterprise  rollout.  If  you  are 
confident  about  the  assumptions 
behind  the  ROI  analysis,  a  pilot  may 
not  be  necessary. 


Seven  Steps 
to  Successful  CRM 
Infrastructure 


A  Guide  for  CIOs 

This  is  the  sixth  in  a  series  of  articles  pre¬ 
sented  by  the  Wheelhouse  Corporation 
that  describes  seven  key  steps  to  imple¬ 
menting  the  technical  infrastructure  sup¬ 
porting  customer  relationship  manage¬ 
ment  (CRM)  initiatives. 

These  articles  are  based  on 
Wheelhouse’s  extensive  experience  as 
a  CRM  infrastructure  provider  helping 
Fortune  1000  companies  deploy, 
manage  and  optimize  marketing-driven 
CRM  systems.  Wheelhouse  customers 
include  such  well-known  companies  as 
Cablevision  Systems  Corporation,  J.P. 
Morgan  Chase,  Merrill  Lynch,  Trendwest 
Resorts,  Inc.,  VoiceStream  Wireless  and 
Wells  Fargo. 
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Three  Phases  of  Piloting 

Piloting  is  a  way  to  significantly  mini¬ 
mize  the  risks  associated  with  CRM 
system  implementations.  Broadly,  there 
are  three  phases  in  executing  a  pilot 
program: 

1 .  Developing  the  strategy  for  the  pilot 
program  entails  deciding  what  you  are 
trying  to  test. 

•  In  some  cases,  companies  are  try¬ 
ing  to  validate  a  hypothesis  for  the 
return  associated  with  the  new 
capability  or  service  offering 
enabled  by  a  CRM  system.  In 
order  to  test  the  hypothesis,  the 
company  will  design  a  campaign 
or  series  of  campaigns  aimed  at 
testing  the  new  capability  or  serv¬ 
ice  offering.  For  instance,  in  the 
case  of  Web  self-service,  the  com¬ 
pany  might  roll  out  limited  func¬ 
tionality  to  a  small  group  of  cus¬ 
tomer  segments  to  gain  valuable 
insight  into  what  would  be  neces¬ 
sary  for  a  successful  enterprise 
launch. 

•  In  other  cases,  companies  want  to 
make  sure  that  their  own  business 
users  will  be  able  to  benefit  from 
the  CRM  system’s  functionality. 
This  is  a  key  concern  that  should 
not  be  overlooked.  While  an  appli¬ 
cation  may  have  the  necessary 
checkbox  functionality,  if  the  orga¬ 
nization’s  business  users  cannot  be 
trained  to  use  the  application 
appropriately,  then  the  investment 
will  be  lost. 

•  Finally,  every  CRM  system  must  be 
able  to  integrate  with  the  other 
CRM  systems  and  legacy  applica¬ 
tions  that  comprise  the  entire  infra¬ 
structure.  For  instance,  in  the  case 
of  a  campaign  management  system, 
you  must  be  able  to  extract  data 
from  the  appropriate  systems  and 
output  lists  to  operational  systems 
that  can  implement  the  campaigns. 
This  application  integration  is 
sometimes  overlooked,  leading  to 
siloed  applications  with  limited 
functionality. 

2.  Rolling  out  the  pilot  program 
includes  launching  the  new  service  or 
offering  on  a  limited  scale  or  time- 
frame  to  gather  the  necessary  data  to 
justify  enterprise  rollout.  Tactical 
activities  include  pilot  user  training, 
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ongoing  program  development  and 
the  execution  of  several  campaigns. 
The  rollout  may  also  include  appli¬ 
cation  and  system  support  and  man¬ 
agement  to  optimize  the  pilot’s 
performance. 

3.  Learning  from  the  pilot  includes 
understanding  what  worked  and 
quantifying  the  results.  At  the  end  of 
the  pilot,  the  company  should  be  able 
to  publish  the  pilot’s  ROI  results, 
which  should  provide  the  data  neces¬ 
sary  for  detailing  the  roadmap  for 
full-scale  rollout  of  the  application. 
At  this  point,  the  company  can  also 
make  any  necessary  refinements  based 
on  the  pilot  results  prior  to  enterprise 
rollout.  Looking  ahead,  the  enterprise 
rollout  activities  should  include 
timetables  for  deployment,  time  and 
capital  resource  requirements,  and,  if 
necessary,  additional  features/func- 
tionality  required. 

Outsourcing  the  Pilot 

Many  companies  lack  the  necessary 
infrastructure  to  execute  a  pilot  quick¬ 
ly  without  incurring  a  substantial  drain 
on  IT  resources.  One  option  is  to  out¬ 
source  the  pilot  to  a  CRM  infrastruc¬ 
ture  provider  like  Wheelhouse  that  can 
provide  the  systems  and  applications 
for  testing  CRM  applications  in  pro¬ 
duction  mode.  The  key  benefit  is  that 
IT  can  focus  on  the  existing  business 
and  quickly  generate  in-market  learn¬ 
ing  associated  with  a  pilot. 

Winning  with  the  Pilot  Approach 

The  Financial  Services  Division  of  a 
large,  diversified  company  with  $13 
billion  in  annual  sales  was  considering 
implementing  an  analytic  CRM  solu¬ 
tion  to  execute  a  series  of  campaigns 
that  would  hopefully  result  in  increased 
revenue  growth  through  increased 
usage  of  existing  credit  lines  and  the 
addition  of  new  credit  lines. 

Flowever,  without  the  baseline 
data  necessary  to  predict  the  ROI 
associated  with  these  campaigns,  the 
company  could  not  justify  the 
resources  required  to  implement  the 
system  in  every  sub-division.  The 
company  recognized  the  importance 
of  the  pilot  approach  and  realized 
they  could  use  the  ROI  results  from 
the  "test  case"  project  scenario  in 
one  sub-division  as  a  means  of  fore¬ 


casting  the  ROI  for  division-wide 
deployment. 

To  prove  the  pilot  concept, 
Wheelhouse  conceived  of  and  pro¬ 
posed  a  six-month  pilot  program  for 
the  company,  which  included:  deploy¬ 
ing  and  managing  the  analytic  CRM 
solution;  designing  and  executing  six 
specific  marketing  campaigns  (a  mix 
of  acquisition,  retention  and  cross-sell 
programs);  and  developing  an  ROI 
analysis  of  the  program’s  payback. 

Some  of  the  key  challenges  over¬ 
come  during  this  pilot  included: 

•  Designing  the  optimal  software- 
enabled  campaigns  and  prioritiz¬ 
ing  them  according  to  highest 
return 

•  Developing  an  ROI  model  using 
real  data  to  measure  the  results  gen¬ 
erated  by  system-driven  campaigns 
against  a  baseline  scenario  during 
the  test  case  period 

•  Deploying  the  system  within  a  1 0- 
week  timeframe  to  start  generating 
results  as  quickly  as  possible 

•  Demonstrating  the  value  of  the  new 
systems  through  the  pilot  while 
minimizing  IT  impact  and  imme¬ 
diate  hardware  expenditures 

The  pilot  objective  was  to  verify  that 
the  analytic  CRM  system  could  facili¬ 
tate  an  increase  in  revenue  by  manag¬ 
ing  a  series  of  campaigns  to  existing 
customers  and  prospects.  The  pilot 
helped  the  company  verify  that  with 
the  analytic  CRM  system  they  could 
add  significant  top  line  revenue,  yield¬ 
ing  sufficient  incremental  bottom  line 
return  to  justify  the  cost  of  the  system 
and  ongoing  support. 

Coming  up  in  the  March  1  edition  of  CIO: 

Step  7:  Enterprise  Deployment: 

Ready  For  Prime  Time 

To  download  an  electronic  version  of  this  arti¬ 
cle,  go  to  www.wheelhouse.com/articles. 

To  learn  more  about  how  we  can  help  your 
business  with  CRM  infrastructure  innova¬ 
tion,  call  781-505-3255  or  e-mail  us  at 
info@wheelhouse.com. 
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limited  visibility  through  the  automatic  sharing  of  simple  event 
acknowledgements,  such  as  notification  when  a  product  is 
shipped  on  time.  By  giving  Dell  more  timely  notification  of 
potential  disruptions  in  supplies,  this  approach  lets  the  com¬ 
pany  work  around  them — before  they  become  real  problems. 
The  bottom  line:  Dell  has  been  able  to  reduce  its  raw  materi¬ 
als  inventory  to  just  three  to  five  hours. 

Protocols:  The  key  challenge  in  integrating  across  disparate  sys¬ 
tems  is  getting  divergent  applications — not  to  mention  divergent 
frameworks  like  CORBA  and  DCOM — to  talk  with  each 


other.  An  alternative  approach  is  to  use  very  simple  protocols 
such  as  SOAP  (simple  object  access  protocol)  or  FTP  to  just 
move  the  data  from  its  source  application,  such  as  a  manufac¬ 
turer’s  forecasting  system,  to  its  target  application,  such  as  a 
supplier’s  MRP  system.  Once  the  data  is  at  its  target  application, 
simple  scripts  can  be  crafted  to  insert  the  data  into  the  appli¬ 
cation  for  use.  By  focusing  on  transferring  specific  data  as 
opposed  to  invoking  applications,  it  is  possible  to  allow  incom¬ 
patible  environments  to  work  together. 

Business  processes:  Dell  succeeded  because  it  worked  hard 
to  reduce  its  process  to  the  lowest  common  denominator.  It 
realized  that  much  of  the  complexity  in  supply  chain  orches¬ 
tration  can  be  eliminated  by  reducing  the  process  to  a  series 
of  very  simple,  almost  binary,  communications.  At  the  end  of 
the  day,  partners  need  to  share  the  information  a  process  con¬ 
veys,  not  the  process  itself. 

Keep  It  Incremental 

Business  partners:  Start  with  a  limited  number  of  well-established 
business  partners  with  whom  you  already  have  strong,  trust- 
based  relationships  and  a  deep  understanding  of  each  other’s 

business.  Then,  after  some  ex¬ 
perience,  you  can  expand  the 
number  and  diversity  of  busi¬ 
ness  partners  involved.  Dell 
started  with  less  than  a  dozen 
vendor-managed  hubs — spe¬ 
cialized  third-party  logistics  providers  that  coordinated  ship¬ 
ments  from  hundreds  of  suppliers.  As  it  gained  experience, 
Dell  broadened  its  focus  to  include  its  suppliers. 

Level  of  specification:  To  manage  the  risks  inherent  in  many 
business  relationships,  such  as  unexpected  shortages  in  supply, 
companies  have  traditionally  tried  to  negotiate  contracts  that 


specify  in  great  detail  the  activities  to  be  performed  by  each 
partner.  But  such  high  levels  of  specification  can  reduce  flexi¬ 
bility  to  adapt  to  unforeseen  changes  in  market  conditions. 
Web  services  technology,  on  the  other  hand,  creates  the  poten¬ 
tial  for  more  flexibility  by  allowing  companies  to  establish 
connections  across  key  applications  much  more  quickly  and 
cheaply  than  they  would  be  able  to  using  traditional  options 
that  require  all  participants  to  install  expensive,  proprietary 
and  complex  technology.  Web  services  achieve  these  benefits 
by  taking  diverse  technology  platforms  as  a  given  and  focus¬ 
ing  on  establishing  very  “light”  interfaces 
using  public  standards  like  XML  to  enable 
communications  across  applications.  To  ex¬ 
ploit  this  potential,  companies  need  to  grad¬ 
ually  shift  from  high-specification  ap¬ 
proaches,  such  as  very  detailed  contracts,  to 
alternative  approaches  that  rely  on  more  flex¬ 
ible  ways  of  achieving  the  desired  business  results,  such  as 
via  incentives  and  selective  information  visibility. 

Amount  of  value:  CIOs  can  also  manage  risk  by  initially  focus¬ 
ing  on  individual  business  activities  that  have  relatively  low 
value  and  then  expanding  over  time  to  include  higher-value 
ones.  For  example,  many  financial  services  companies  are  start¬ 
ing  to  use  Web  services  to  distribute  content  like  investment 
analyst  reports  to  their  clients.  As  these  companies  gain  more 
experience,  they  can  begin  to  expand  to  higher-value  (and 
higher-risk)  ones  such  as  the  processing  of  client  transactions. 

Learn,  Learn,  Learn 

Ultimately,  the  key  to  reducing  risk  and  increasing  business 
value  is  to  learn  from  early  experience  and  deepen  skills  in  the 
application  and  operation  of  Web  services.  But  learning  does 
not  happen  automatically.  CIOs  need  to  design  appropriate 
information  feedback  loops  to  support  the  learning  process.  The 
good  news  is  that,  by  automating  connections  across  applica¬ 
tions,  Web  services  technology  can  generate  very  helpful  data 
about  its  own  performance.  By  capturing  such  data  and  trans¬ 
forming  it  into  useful  information,  CIOs  can  significantly  accel¬ 
erate  the  learning  process.  That,  in  turn,  will  help  the  organization 
address  future  opportunities  more  quickly. 

Start  simply,  but  do  start — you  won’t  learn  anything  if  you 
do  nothing  at  all.  E3E1 


What  are  your  thoughts  about  Web  services?  Tell  Columns  Editor  Katherine 
Noyes  at  knoyes@cio.com.  John  Hagel  (j_hagel@hotmail.com)  is  a  man¬ 
agement  consultant  and  author  based  in  San  Francisco  who  specializes 
in  the  strategic  implications  of  IT.  John  Seely  Brown  (jsbrown@ 
parc.xerox.com )  is  chief  scientist  at  Xerox  and  former  director  of  Xerox 
PARC.  Dennis  Layton-Rodin  ( dennis@interventuresconsulting.com )  is  an 
e-commerce  and  Web  services  consultant  based  in  San  Francisco. 


Start  with  a  limited  number  of  well-established 
business  partners  with  whom  you  already  have 
strong,  trust-based  relationships. 
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Are  Web  services  ready  for  prime 
time?  You  tell  us.  Go  to  CIO 
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INTEGRATION: 

A  HERCULEAN  TASK. 


Reshaping  IT  infrastructures  can  be  difficult  for  mere  mortals. 


How’s  this  for  a  challenge?  Take  an  e-business  infra¬ 
structure  teeming  with  disparate  networks,  platforms, 
standards  and  applications,  and  make  them  all  work  as  one. 
Across  all  business  units.  With  suppliers,  partners  and 
customers.  Yep,  integration  is  one  colossal  test  of  strength. 

So  how  do  you  tackle  it?  You  can  start  by  ordering  our 
Software  Evaluation  Kit  for  Linux?  (It’s  yours  free  by 
simply  registering  by  phone  or  online.)  In  it  you'll  find  an 
overview  of  e-business  integration,  along  with  perspec¬ 
tives  and  strategies  for  tough  integration  challenges.  You’ll 
also  get  free  trial  code  for  IBM  software  such  as  DB2? 
WebSphere?  Lotus®  and  Java"  Tools.  It’s  the  perfect 
integration  software  primer.  And  best  of  all,  everything 
in  it  also  speaks  Linux. 


As  the  fastest  growing  and  most  accessible  operating 
system,  Linux  is  an  ideal  platform  for  the  integrated 
environment.  For  small  business  or  corporate  behemoth. 
It’s  open,  scalable  and  hardware-agnostic. 

That’s  why  IBM  offers  the  industry’s  richest 
selection  of  code  for  Linux.  And  then  backs  it  with  IBM 
service,  support  and  consulting.  That  means  an  army  of 
integration  experts  proficient  in  everything  from 
designing  to  deploying  to  maintaining 
truly  open  and  interoperable  systems. 

To  see  how  you  can  take  on  an  inte¬ 
gration  project,  with  little  to  no  chance  of 
a  hernia,  visit  our  Web  site  or  call  today  for 
your  free  Software  Evaluation  Kit  for  Linux. 


CLICK  OR  CALL  FOR  A  FREE  IBM  SOFTWARE  EVALUATION  KIT  FOR  LINUX. 


(g°  ibm.com/e-business/soready/p4  Q)  1  800  426  7080,  ask  for  Open 
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*  LEGAL  NOTE •  IBM,  Lotus,  the  e-business  logo  and  other  marks  designated  *  or  ™  are  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or 
other  countries.  Java  and  all  Java-based  trademarks  are  trademarks  of  Sun  Microsystems,  Inc.  in  the  United  States,  other  countries,  or  both.  Other  company,  product  and 
service  names  may  be  trademarks  or  service  marks  of  others.  Linux  is  a  registered  trademark  of  Linus  Torvalds.  ©  2001  IBM  Corporation.  All  rights  reserved.  Limit  one  kit  per 
respondent.  Respondents  will  be  required  to  complete  a  registration  form  in  order  to  participate  in  this  offer.  Offer  available  only  in  U.S. 
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Return  on 
Security  Spending 

For  years  CIOs  have  had  to  use  scare  tactics  and  other  soft 
arguments  to  justify  an  investment  in  security.  Now,  for  the  first  time, 
they  may  be  able  to  get  the  hard  numbers  they  need  to  show  ROI. 

BY  SCOTT  BERINATO 


Reader  ROI 

►  Learn  why  it’s  so  hard 
to  define  the  return  on 
security  investment 

►  Read  how  economists 
are  attempting  to 
quantify  those  returns 

►  Learn  how  the  numbers 
will  fundamentally 
change  infosecurity 


OU  need  fire  sprinklers. 


Obvious  advice,  maybe,  but  once 
upon  a  time  fire  sprinklers  were  con¬ 
sidered  a  waste  of  money.  In  fact,  in 
1882,  sprinklers  were  considered  to 
be  as  dubious  an  investment  as 
information  security  is  today. 

That’s  why  George  Parmalee,  in 
March  of  that  year,  set  a  Bolton, 
England,  cotton  spinning  factory  on 
fire.  In  90  seconds,  flames  and  bil¬ 
lows  of  thick  black  smoke  engulfed 
the  mill.  After  two  minutes,  32  auto¬ 
matic  sprinklers  kicked  in  and  extin¬ 
guished  the  fire. 

It  was  a  sales  pitch.  Parmalee's 
brother  Henry  had  recently  patented 
the  sprinklers  and  George  hoped  the 
demonstration  would  inspire  Brit¬ 
ain’s  mill  owners— many  of  whom 
came  to  watch— to  invest  in  his  bro¬ 
ther’s  new  form  of  security. 


But  they  didn’t.  “It  was  slow  work 
getting  sprinklers  established  in  this 
country,”  wrote  Sir  John  Wormald,  a 
witness  to  the  conflagration.  Only  a 
score  of  factories  bought  the  devices 
over  the  next  two  years. 

The  reason  was  simple,  and  it  will 
sound  familiar  to  CIOs  and  chief 
security  officers:  “[Parmalee]  real¬ 
ized  that  he  could  never  succeed  in 
obtaining  contracts  from  the  mill 
owners... unless  he  could  ensure  for 
them  a  reasonable  return  upon  their 
outlay,”  Wormald  wrote. 

Today,  it’s  data  warehouses,  but 
data  is  as  combustible  as  cotton. 
Thousands  of  George  Parmalees— 
CIOs  and  CSOs,  not  to  mention 
security  consultants  and  vendors— 
are  eager  to  demonstrate  inventions 
that  extinguish  threats  to  information 
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before  those  threats  take  down  the  company. 
But  the  investment  conundrum  remains  pre¬ 
cisely  what  it  was  120  year  ago.  CEOs  and 
CFOs  want  quantifiable  proof  of  an  ROI 
before  they  invest. 

The  problem,  of  course,  is  that  until  just 
recently  a  quantifiable  return  on  security 
investment  (ROSI)  didn’t  exist.  The  best 
ROSI  argument  CIOs  had  was  that  spend¬ 
ing  might  prevent  a  certain  amount  of  losses 
from  security  breaches. 

But  now  several  research  groups  have 
developed  surprisingly  robust  and  support¬ 
able  ROSI  numbers.  Their  research  is  dense 
and  somewhat  raw,  but  security  experts 
praise  the  efforts  as  a  solid  beginning  toward 
a  quantifiable  ROSI. 

“I  was  quite  surprised,  to  be  honest,”  says 
Dorothy  Denning,  a  professor  at  George¬ 
town  University  and  a  widely  regarded  infor¬ 
mation  security  expert.  “I  have  a  good  sense 
of  what’s  good  research,  and  all  of  this  seems 
good.  They  are  applying  academic  rigor.” 

IT  executives  are  hungry  for  this  kind  of 
data.  “It’s  very  easy  to  get  a  budget  [for  secu¬ 
rity]  after  a  virus  hits.  But  doing  it  up  front 
makes  more  sense;  it’s  always  more  secure,” 
says  Phil  Go,  CIO  at  design  and  construc¬ 
tion  services  company  Barton  Malow  in 
Southfield,  Mich.  “Numbers  from  an  objec¬ 
tive  study  would  help  me.  I  don’t  even  need 
to  get  hung  up  on  the  exact  numbers  as  long 
as  I  can  prove  the  numbers  are  there  from  an 
unbiased  study.” 

If  the  new  findings  about  ROSI  are  proven 
true,  they  will  fundamentally  change  how 
information  security  vendors  sell  security  to 
you  and  how  you  sell  security  to  your  bosses. 
And  the  statement  “You  need  information 
security”  will  sound  as  commonsensical  as 
“You  need  fire  sprinklers.” 


Soft  ROSI 

Tom  Oliver,  a  security  architect  for  NASA, 
recently  spent  tens  of  thousands  of  dollars 
on  a  comprehensive,  seven-week  external 
security  audit.  At  the  end,  Oliver  received  a 
100-page  booklet  with  the  results — which 
were  mostly  useless. 

“[The  auditors]  said,  ‘You  were  very 


“It’s  very  easy  to  get  a  budget  for  security 
after  a  virus  hits.  But  it  makes  more  sense  to 
do  it  up  front.  Numbers  from  an  objective 

study  would  help  me.”  -PHIL  GO,  CIO,  BARTON  MALOW 


secure.  We  were  surprised  we  couldn’t  access 
more  [sensitive  data],”’  says  Oliver,  who  is 
employed  by  Computer  Sciences  (under  con¬ 
tract  to  NASA)  at  the  Marshall  Space  Flight 
Center  in  Huntsville,  Ala.  “But  I  wanted  to 
know  how  we  compared  to  other  govern¬ 
ment  agencies.  If  I  put  another  $500,000  into 
security,  will  that  make  me  more  secure? 

“There  was  no  return  on  investment  in 
there  at  all,”  he  adds.  “I  spent  $110,000, 
and  I  got,  ‘You’re  good.’  What’s  that?” 

This  is  the  dilemma  that  faces  CIOs  and 
CSOs  everywhere.  A  lack  of  data  on  infose- 


curity  makes  it  difficult  to  quantify  what 
security  gets  you.  In  lieu  of  numbers,  infor¬ 
mation  executives  rely  on  soft  ROSIs — 
explanations  of  returns  that  are  obvious  and 
important  but  impossible  to  verify. 

Executives  know  the  threat  is  real,  but 
CIOs  say  executives  don’t  feel  the  threat.  No 
one  buys  burglar  alarms  until  someone  they 
know  is  robbed.  For  that  reason,  IT  relies 
on,  more  than  anything,  fear,  uncertainty 
and  doubt  to  sell  security — in  other  words, 
FUD.  The  thinking  is,  if  you  scare  them,  they 
will  spend. 
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But  even  FUD  has  limitations,  especially 
during  a  recession.  The  signs  of  the  down 
economy’s  impact  are  everywhere.  At 
Fidelity,  the  chief  information  security  officer 
(CISO)  position  was  eliminated.  At  State 
Street  Global  Advisors  in  Boston,  CISO 
Michael  Young  needs  four  more  security 
staffers,  but  there’s  a  hiring  freeze.  “If  we 
invest  in  anything  that  promotes  less  down¬ 
time,  that’s  a  positive  ROI,”  Young  says. 
“But  still,  there’s  no  quantified  value  associ¬ 
ated  with  [staffing],  and  that’s  a  problem.  If  I 
could  go  in  there  with  a  return  on  the  bot¬ 
tom  line  resulting  from  these  hires,  bingo! 
That  would  be  it.” 

To  say  there’s  no  good  ROSI  data  is  not 
to  say  there’s  no  data.  Numbers  are  indeed 
used  to  sell  security;  it’s  just  that  they’ve  had 
zero  statistical  validity. 

The  marquee  example  of  that  is  the  Com¬ 
puter  Security  Institute’s  (CSI)  annual  com¬ 
puter  crime  survey.  Each  year,  CSI  and  the 
FBI  report  security  trends  in  plain,  often 
stark  terms.  The  2001  report’s  centerfold 
is  a  chart  called  “The  Cost  of  Computer 
Crime.”  It  says  that  losses  from  computer 
crime  for  a  five-year  period  from  1997  to 
2001  were  an  eye-popping  $1,004,135,495. 

There’s  just  one  problem  with  that  num¬ 
ber.  “It’s  crap,”  says  Bruce  Schneier,  security 


expert,  founder  and  CTO  of  security  serv¬ 
ices  vendor  Counterpane  Internet  Security 
in  Cupertino,  Calif. 

“There’s  absolutely  no  methodology 
behind  it.  The  numbers  are  fuzzy,”  agrees  Bill 
Spernow,  CISO  of  the  Georgia  Student  Fi¬ 
nance  Commission  in  Atlanta.  “If  you  try  to 
justify  your  ROSI  this  way,  you’ll  spend  as 
much  time  just  trying  to  justify  these  num¬ 
bers  first.” 

Therein  lies  the  appeal  of  the  current 
crop  of  studies.  They  have  scientific  method 
and  a  foundation  of  previously  established 
research. 

Hard  Numbers,  at  Last 

In  2000  and  2001,  a  team  at  the  University 
of  Idaho  followed  George  Parmalee’s  exam¬ 
ple.  The  team  built  an  intrusion  detection 
box,  a  security  device  that  sits  at  the  edge 
of  a  network  and  watches  for  suspicious 
activity  among  users  who  get  past  the  fire¬ 
wall.  Incoming  traffic  that  follows  a  certain 
pattern  is  flagged,  and  someone  is  alerted  to 
look  into  it. 

The  researchers  then  hacked  the  box, 
code-named  Hummer.  Their  goal  was  to 
prove  that  it’s  more  cost-effective  to  detect 
and  then  deal  with  attacks  using  intrusion 
detection  than  it  is  to  try  to  prevent  them 


using  other  means.  The  problem  was  assign¬ 
ing  valid  costs  for  this  cost-benefit  analysis. 
For  instance,  what  does  it  cost  to  detect  an 
incident?  What  are  day-to-day  operational 
costs  of  security?  What  are  the  cost  conse¬ 
quences  if  you  miss  an  attack? 

The  Idaho  team,  led  by  University  of 
Idaho  researcher  HuaQiang  Wei,  began  by 
culling  research  from  all  over.  Then  they 
combined  what  they  found  with  some  of 
their  own  theories,  assigning  values  to  every¬ 
thing  from  tangible  assets  (measured  in  dol¬ 
lars  with  depreciation  taken  into  account) 
to  intangible  assets  (measured  in  relative 
value,  for  example,  software  A  is  three  times 
as  valuable  as  software  B).  Different  types 
of  hacks  were  assigned  costs  according  to 
an  existing  and  largely  accepted  taxonomy 
developed  by  the  Department  of  Defense. 
Annual  Loss  Expectancy  (ALE)  was  figured. 
ALE  is  an  attack’s  damage  multiplied  by  fre¬ 
quency.  In  other  words,  an  attack  that  costs 
$200,000  and  occurs  once  every  two  years 
has  an  ALE  of  $100,000. 

To  verify  the  model,  the  team  went  about 
attacking  their  intrusion  detection  box  with 
commonly  attempted  hacks  to  see  if  the 
costs  the  simulation  produced  matched  the 
theoretical  costs.  They  did. 

Determining  cost-benefit  became  the  sim- 


Idaho  researchers 

developed  this  formula  for  calculating  the  ROI  of  using  intrusion  detection  as  a  security  defense 


T  is  the  cost  of  the  intrusion 
detection  tool. 


R  is  the  cost  per  year  to 
recover  from  any  number 
of  intrusions. 


(R-E)  +  T  =  ALE 


E  is  the  dollar  savings 
gained  by  stopping  any 
number  of  intrusions 
through  the  introduction 
of  an  intrusion  detection 
tool. 


Doing  this 
equation 
yields  the 
Annual  Loss 
Expectancy, 


R  -  (ALE)  =  ROSI 

To  determine  our  return  on  security 
investment  (ROSI)  we  simply  subtract 
what  we  expect  to  lose  in  a  year  (ALE) 
from  the  annual  cost  of  intrusion. 
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pie  task  of  subtracting  the  security  invest¬ 
ment  from  the  damage  prevented.  If  you  end 
up  with  a  positive  number,  there’s  a  positive 
ROSI.  And  there  was.  An  intrusion  detec¬ 
tion  system  that  cost  $40,000  and  was 
85  percent  effective  netted  an  ROI  of 
$45,000  on  a  network  that  expected  to  lose 
$100,000  per  year  due  to  security  breaches. 

If  applied  to  real-life  examples,  the  Idaho 
model  could  produce  the  data  that  CIOs 
need  in  order  to  demonstrate  not  only  that 
their  investment  pays  off,  but  by  how 
much.  Next,  the  Idaho  team  wants  to 
put  the  ROSI  analysis  inside  Hum¬ 
mer.  As  threats  are  detected,  the  box 
will  compare  response  cost  against 
damage  cost.  Only  if  the  damage  cost 
is  higher  will  it  stop  an  attack.  In 
other  words,  the  device  itself  decides  if 
it’s  cost-effective  to  launch  an  emer¬ 
gency  response. 

Of  course,  Hummer’s  data  would 
be  logged  for  review.  Putting  those 
features  in  commercial  intrusion 
detection  systems  would  yield  reports 
that  showed  how  much  money  CIOs 
saved  using  intrusion  detection.  This 
would  then  allow  them  to  compare 
the  costs  of  one  security  system 
against  another.  And  wouldn’t  that 
be  handy? 

The  Value  of  Building 
Security  in  Early 

While  Idaho  was  toying  with  Hummer,  a 
group  of  researchers  from  MIT,  Stanford 
University  and  @Stake,  a  security  consul¬ 
tancy  located  in  Cambridge,  Mass.,  was 
playing  with  Hoover. 

Hoover  is  a  database.  Amassed  by 
@Stake,  it  contains  detailed  information 
about  software  security  flaws — from  simple 
oversights  to  serious  weaknesses.  Hoover 
reveals  an  ugly  truth  about  software  design: 
Securitywise,  it’s  not  very  good. 

Right  now,  Hoover  contains  more  than 
500  data  entries  from  nearly  100  companies. 
Participants  in  the  study,  such  as  Bedford, 
Mass. -based  RSA  and  Fairfax,  Va. -based 
WebMethods,  wanted  to  assess  how  secure¬ 


ly  they  were  building  their  software  and  how 
to  do  it  better. 

First,  the  Hoover  group  focused  on  the 
ROSI  of  secure  software  engineering.  The 
group  wanted  to  prove  a  concept  that  seems 
somewhat  intuitive:  The  earlier  you  build 
security  into  the  software  engineering  pro¬ 
cess,  the  higher  your  return  on  that  invest¬ 
ment.  And  prove  it  they  did. 

It  took  1 8  months  of  letting  Hoover  suck 
up  data  from  @Stake’s  clients  to  create  a  rep¬ 


resentative  sample  of  the  entire  software 
landscape.  Data  in  hand,  they  looked  for  pre¬ 
vious  research  to  base  their  work  on.  There 
was  little,  so  they  made  a  critical  assump¬ 
tion,  which  unlocked  the  study’s  potential. 
The  team  decided  that  a  security  bug  is  no 
different  than  any  other  software  bug. 

Suddenly,  security  was  a  quality  assurance 
game,  and  there  was  a  ton  of  existing  data 
and  research  on  quality  assurance  and  soft¬ 
ware.  For  example,  one  bit  of  research  they 
used  came  from  a  widely  accepted  1981 
study  that  said  that  spending  a  dollar  to  fix  a 
bug  (any  bug)  in  the  design  process  saves 
$99  against  fixing  it  during  implementation. 

“The  idea  of  security  software  as  quality 
assurance  is  extremely  new,”  according  to 
team  member  and  Stanford  economics  PhD 


Kevin  Soo  Hoo.  “Security  has  been  an  add¬ 
on  at  the  last  minute,  and  detecting  security 
problems  has  been  left  to  users.”  And,  of 
course,  hackers. 

With  the  research  in  hand,  Soo  Hoo,  MIT 
Sloane  School  of  Management  student  An¬ 
drew  Sudbury  and  @Stake  Director  Andrew 
Jaquith  tweaked  the  general  quality  assur¬ 
ance  models  to  reflect  the  security  world,  as 
based  on  the  Hoover  data. 

Overall,  the  average  company  catches  only 
a  quarter  of  software  security  holes. 
On  average,  enterprise  software  has 
seven  significant  bugs,  four  of  which 
the  software  designer  might  choose 
to  fix.  Armed  with  such  data,  the  re¬ 
searchers  concluded  that  fixing  those 
four  defects  during  the  testing  phase 
cost  $24,000.  Fixing  the  same  defects 
after  deployment  cost  $160,000, 
nearly  seven  times  as  much. 

The  ROSI  breakdown:  Building 
security  into  software  engineering  at 
the  design  stage  nets  a  21  percent 
ROSI.  Waiting  until  the  implementa¬ 
tion  stage  reduces  that  to  15  percent. 
At  the  testing  stage,  the  ROSI  falls 
to  12  percent. 

“Our  developers  have  said  they 
believe  they  save  30  percent  by  put¬ 
ting  security  in  earlier,  and  it’s 
encouraging  to  see  proof,”  says 
Mike  Hager,  vice  president  of  network  secu¬ 
rity  and  disaster  recovery  at  Oppenheimer 
Funds  in  Engelwood,  Colo.  “Executives 
need  answers  to  questions  like,  ‘What  risk 
am  I  mitigating?’  We  haven’t  had  the  means 
to  educate  them  without  FUD.”  From  num¬ 
bers  like  those,  he  adds,  “We’ll  be  able  to  sell 
security  from  a  business  perspective.” 

Hoover  keeps  growing.  The  group  plans 
to  publish  other  ROSI  numbers.  Next  up: 
assigning  a  statistically  valid  ROSI  to  inci¬ 
dent  readiness.  It  will  (they  hope)  show  how 
ROSI  increases  as  the  effective  response  time 
to  a  security  incident  decreases. 

The  Law  of  Diminishing  ROSI 

If  you  want  to  give  CEOs  and  CFOs  a  ROSI 
they  can  love,  show  them  a  curve. 


The  Earlier  You  Invest  in  Security, 

the  Greater  the  Return 

Researchers  found  that  you  get  a  21%  return  on  your 

security  investment  at  the  software  design  phase,  a 

15%  return  at  the  implementation  stage  and  a  12% 
return  at  the  testing  stage. 
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That’s  what  researchers  at  Carnegie 
Mellon  University  (CMU)  did  in  “The  Sur¬ 
vivability  of  Network  Systems:  An  Empirical 
Analysis.”  The  study  is  as  dense  and  dispas¬ 
sionate  as  its  title.  (So  are  its  bureaucratic 
underpinnings:  It  was  done  at  the  Software 
Engineering  Institute  in  conjunction  with  the 
public-private  cooperative  effort  called 
CERT,  both  housed  at  CMU.) 

The  study  measures  how  survivability  of 


attacks  increases  as  you  increase  security 
spending.  Economists  call  it  regression 
analysis.  It’s  basically  a  curve  showing  the 
trade-off  between  what  you  spend  and  how 
safe  you  are. 

To  get  the  curve,  the  team  relied  on  data 
from  CERT,  established  by  the  government 
in  1988  after  a  virulent  worm  took  down 
10  percent  of  the  then-very-limited  public 
network  (what  would  become  the  Internet). 


“Our  developers  have  said  they  believe  they 
save  30  percent  by  putting  security  in 
earlier,  and  it's  encouraging  to  see  proof.” 


-MIKE  HAGER,  VP  OF  NETWORK  SECURITY,  OPPENHEIMER  FUNDS 


CERT  logged  security  breaches  and  tracked 
threats,  mostly  through  the  volunteer  efforts 
of  the  private  and  public  organizations 
directly  affected. 

CMU  researchers  took  all  the  CERT  data 
from  1988  to  1995  and  modeled  it.  Among 
the  variables  they  defined  were  what  attacks 
happened,  how  often,  the  odds  any  one 
attack  would  strike  any  given  company, 
what  damage  the  attacks  produced,  what 
defenses  were  used  and  how  they  held  up. 

The  researchers  used  the  data  to  build  an 
engine  that  generated  attacks  on  a  simulated 
enterprise,  which  reflected  the  rate  and 
severity  of  attacks  in  the  real  world.  The 
computer  program  was  an  attack  dog — 
CMU  set  it  loose  on  a  fictitious  network  and 
said,  “Sic!” 

Then  they  recorded  what  happened,  how 
the  network  survived  the  attacks.  After  that, 
the  researchers  tweaked  the  variables. 
Sometimes  they  gave  the  faux-enterprise 
stronger  defenses  (higher  cost).  Other  times 
they  increased  the  probability  of  attack  to 
see  how  the  network  would  hold  up  against 
a  more  vicious  dog. 

An  inventive  aspect  of  the  CMU  study 
was  that  it  didn’t  treat  security  as  a  binary 
proposition.  That  is,  it  didn’t  assume  you 
were  either  hacked  or  not  hacked.  Rather  it 
measured  how  much  you  were  hacked. 
Survivability  was  defined  as  a  state  between 
0  and  1,  where  0  is  an  enterprise  completely 
compromised  by  attack,  and  1  is  an  enter¬ 
prise  attacked  but  completely  unaffected. 
This  provides  a  far  more  realistic  model  for 
the  state  of  systems  under  attack  than  an 
either-or  proposition. 

The  data  from  the  simulation  was  plotted 
on  a  curve.  The  X-axis  was  cost,  which  was 
in  absolute  terms  (that  is,  a  cost  of  10  is  twice 
as  much  as  a  cost  of  5,  but  they  don’t  have 
direct  analogs  to  dollars).  The  Y-axis  was 
survivability,  plotted  from  0  to  1. 

The  curve  looks  like  smoke  pouring  out 
of  a  smoke  stack;  it  rises  in  a  sharp  vertical  at 
first,  then  trails  off  in  an  ever  more  tapering 
curve.  The  ROSI  rises  as  you  spend  more, 
but  (and  this  will  gladden  the  hearts  of 
CFOs)  it  rises  at  a  diminishing  rate. 
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Security  ROI 


The  researchers  believe  that  they  could 
also  overlay  that  curve  with  something  called 
an  indifference  curve,  which  instead  of  map¬ 
ping  data  maps  behavior.  It  plots  the  points 
at  which  the  CEO  is  satisfied  with  the  com¬ 
bination  of  cost  and  survivability.  The  curve 
always  slopes  down  and  to  the  right,  like  the 
bottom  half  of  a  C. 

Where  the  indifference  curve  and  the 
actual  ROSI  curve  intersect  would  provide 
the  optimal  security  spending  point.  In  other 
words,  not  only  could  you  prove  you 
need  fire  sprinklers,  you  could  tell  the 
CEO  and  CFO  how  much  should  be 
spent  on  them. 

Green  Data  =  Skepticism 

Most  information  executives  and  secu¬ 
rity  experts  believe  these  ROSI  studies 
will  be  a  significant  new  tool.  But  a  cer¬ 
tain  caution  lingers.  Some  CIOs  point 
out  that  the  studies  are  useless  as  raw 
documents;  they  require  translation 
before  the  data  hits  their  desks.  Several 
executives  also  worried  about  applica¬ 
bility — taking  the  data  out  of  the  lab 
and  putting  it  in  the  real  world.  “The 
worst  thing  is  for  people  to  say  secu¬ 
rity  requires  a  trillion  dollars,  and  then 
offer  no  solution  in  the  real  world,” 
says  Micki  Krause,  director  of  infor¬ 
mation  security  of  PacifiCare  Health 
Systems,  an  HMO  in  Santa  Ana,  Calif. 

The  data  itself  was  also  a  concern.  The 
CERT  data  used  in  CMU’s  models  only 
went  to  1995,  for  example.  The  model  for 
types  and  frequency  of  attacks  has  changed 
since  then.  And  while  Hoover,  @Stake’s 
database,  provides  gritty  details  about  secu¬ 
rity  holes  in  software,  they  are  gritty  details 
only  from  companies  willing  to  participate. 
Is  that  representative? 

In  risk  management  parlance,  the  actuar¬ 
ial  data  is  quite  green,  and  CIOs  bemoan 
that  fact.  The  rub  is,  you  can’t  just  collect 
data  about  security  the  way  you  can  about 
auto  accidents.  More  CIOs  must  agree  to 
disclose  detailed  data  about  the  state  of  their 
own  security  in  order  to  build  a  portfolio  of 
numbers  that  will  test  the  early  theories. 


CIOs  want  proof,  yet  they  don’t  want  to 
be  the  ones  providing  the  data  that  will 
improve  the  science.  Those  collecting  data 
have  promised  privacy  in  exchange  for  the 
knowledge  of  what  the  enterprise  is  spend¬ 
ing  on  security,  but  it’s  slow  going  getting 
recruits.  “At  CERT  we’ve  protected  confi¬ 
dentiality  for  12  years.  But  it’s  so  hard 
because  they  keep  [data]  to  themselves,”  says 
Jim  McCurley,  technical  staff  at  Software 
Engineering  Institute.  Despite  all  this,  security 


experts  such  as  Georgetown’s  Denning  be¬ 
lieve  that  those  studies  are  the  beginning  of 
a  golden  age  in  information  security,  with 
the  potential  to  change  every  aspect  of  secu¬ 
rity — from  how  it’s  built,  to  how  it’s  per¬ 
ceived  in  the  enterprise,  to  how  it’s  paid  for. 

Such  research  could  set  off  a  chain  reac¬ 
tion.  First,  ROSI  numbers  could  be  used  to 
convince  executives  to  invest  in  security, 
thereby  spurring  the  development  of  new 
technologies  and  the  hiring  of  more  knowl- 
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edgeable  security  workers. 

Then,  as  the  studies  are  repeated  and 
improved,  insurance  companies  could  use 
the  ROSI  numbers  to  create  “hacking  in¬ 
surance,”  with  adjustable  rates  based  on 
what  security  you  employ.  Dave  O’Neill  will 
be  one  of  the  people  writing  those  insurance 
plans  over  the  next  year.  Currently,  as  vice 
president  of  e-commerce  solutions,  he  writes 
plans  for  general  e-commerce  insurance  for 
Schaumburg,  Ill.-based  Zurich  North  Amer¬ 
ica.  Today,  he  confesses,  the  rates  for 
such  plans  are  mostly  set  by  guesswork. 
Zurich  bases  its  premiums  largely  on  a 
58-question  yes-or-no  survey,  with 
questions  such  as  “Are  security  logs 
reviewed  at  least  daily  for  suspicious 
activities?” 

“From  our  perspective  this  will 
change  by  the  end  of  2002.  It  will  be 
a  whole  different  landscape.  We’ll 
know  much  more  scientifically  how  to 
do  this,”  says  O’Neill.  “What  it  boils 
down  to  is  getting  credible  data.” 

The  insurance  industry  in  all  likeli¬ 
hood  will  be  the  engine  that  drives 
both  the  science  of  ROSI  and  the  tech¬ 
nology  of  security.  All  other  factors 
being  equal,  the  insurance  discounts 
will  eventually  make  one  Web  server 
a  better  buy  than  another.  Software 
vendors  will  be  forced  to  fix  the  holes 
in  their  products  in  order  to  benefit 
from  lower  premiums. 

In  fact,  that  is  precisely  what  happened 
with  fire  sprinklers.  Shortly  after  Parmalee’s 
fiery  demonstration,  British  insurance  carri¬ 
ers  began  offering  discounts  to  mill  owners 
who  bought  sprinklers  and  deeper  discounts 
to  owners  with  more  advanced  sprinkler  sys¬ 
tems.  Naturally,  insurance  rates  rose  on  mills 
without  them. 

Ultimately,  because  it  made  no  business 
sense  not  to  invest  in  fire  sprinklers,  every¬ 
one  had  them.  And  mill  owners  could  stop 
thinking  about  fires  and  start  thinking  about 
their  business.  (30 


How  do  you  justify  security  investment?  Let  Senior 
Writer  Scott  Berinato  know  at  sberinato@cio.com. 


For  More  Information  on  the 
Economics  Behind  Security 

A  good  primer  on  economic  terms  and 
techniques,  including  concepts  such  as 
indifference  curves. 

Stanford  economist  Kevin  Soo  Hoo’s  thesis  on 
quantifying  infosecurity.  It's  a  little  math- 
heavy,  but  it  contains  excellent  data  on  the  his¬ 
tory  of  the  problem  and  a  proposed  model  for 
fixing  it. 

The  CERT  website  has  an  entire  page  devoted 
to  emerging  research  on  survivability  and  the 
quantification  of  it.  It  includes  the  research 
highlighted  here.  -S.B. 
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COMPANY  INFO 

FOUNDED 

1935 

REVENUES 

$4.2  billion 

HEADQUARTERS 

New  York  City 

EMPLOYEES 

6,500,  plus  1,800  independent 
brokers 

CUSTOMERS 

29,000  corporate  customers  and 
multiemployer  groups,  representing 
4.3  million  individual  members 

MISSION 

To  provide  health  insurance  coverage 

URL 

www.empireblue.com 


Smooth  Selling 

Ahead 

Empire  Blue  Cross  and  Blue  Shield  slashed  its  sales  cycle 
from  27  days  to  just  two  or  three  with  the  help  of  sales-force 
automation  software  by  simone  kaplan 


CRM  OBJECTIVE 

Streamline  manual  sales  and 
enrollment  processes  through 
Web-based  sales-force 
automation  software 

THE  PLAYERS 

DAVID  B.  SNOW  JR. 

President  and  COO 

KENNETH  0.  KLEPPER 

Senior  Vice  President,  Systems, 
Technology  and  Infrastructure 

STEPHEN  BELL 

Vice  President  of  E-Business 
Operations 


THE  EXPERT 

WENDY  CLOSE 

CRM  Research  Director,  Gartner 


THE  HEALTH  INSURANCE  industry  is  one  of  the 

most  complex  on  the  planet.  With  hefty  gov¬ 
ernment  regulations,  it’s  a  tall  order  to  offer 
high-quality  coverage  efficiently.  And  for  Empire 
Blue  Cross  and  Blue  Shield  of  New  York,  which 
relies  heavily  on  independent  brokers  to  gener¬ 
ate  sales,  success  depends  on  making  its  prod¬ 
uct  more  valuable,  more  convenient  and  easier 
to  sell  than  the  competitor’s. 

Empire  took  a  serious  look  at  its  sky-high 
administrative  costs  and  convoluted  sales  and 
enrollment  process,  and  realized  it  had  to  stream¬ 
line.  Having  a  paper-based,  delay-filled  sales 
process  wasn’t  exactly  endearing  the  company 
to  brokers.  And  the  practice  of  generating  more 
than  60  copies  of  each  new  client’s  enrollment 
forms  was  hardly  helping  Empire’s  bottom  line. 
An  effort  to  reduce  that  paperwork  evolved  into 
a  Web-based  sales-force  automation  system  that 
empowered  Empire’s  network  of  independent 
sales  brokers  to  serve  customers  efficiently. 


A  Complex  Sales  Process 

As  the  largest  health  insurance  provider  in  New 
York,  Empire  manages  more  than  29,000  cor¬ 
porate  employer  accounts,  of  which  about 
26,700  are  small  to  midsize  companies  employ¬ 
ing  50  people  or  fewer.  Empire  services  these 
“community  rated”  employers  via  some  1,800 
registered  independent  sales  brokers.  Because 
each  customer’s  needs  are  different,  brokers 
must  produce  customized  coverage  estimates  for 
each  one.  For  example,  some  companies  want 
preferred  provider  plans,  and  some  want  health 
maintenance  plans.  Each  plan  has  different 
“riders,”  or  options,  attached,  such  as  vision 
care  or  prescription  coverage. 

In  the  past,  a  broker  would  call  Empire’s 
broker  relations  department,  pass  along  the 
customer’s  specs  and  then  wait  for  Empire  to 
calculate  a  price  quote.  The  broker  then  relayed 
the  quote  back  to  the  customer,  who  would 
either  accept  it  or  ask  for  modifications — in 
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which  case  the  broker  had  to  contact 
Empire  again  and  request  a  revised  quote. 
When  a  quote  was  finally  accepted,  the  bro¬ 
ker  filled  out  and  filed  one  set  of  paperwork 
while  the  customer  filled  out  a  group  appli¬ 
cation  and  sent  it  directly  to  Empire. 
Whenever  Empire  revised  its  plan  structure, 
brokers  found  themselves  with  outdated 
enrollment  forms. 

“We  would  use  the  forms  we  had  on 


hand,  submit  them  to  Empire,  who  would 
reject  them  because  our  forms  were  out¬ 
dated,”  says  Thomas  Vazoulas,  an  account 
broker  with  Corporate  Consulting  Services, 
an  independent  consultancy  based  in  New 
York  City.  “Then  we’d  have  to  fill  out  more 
forms.  It  was  discouraging  to  have  to  use  up 
that  much  time  just  to  redo  forms  and  get 
the  process  done.” 

The  company  then  made  60  copies  of  the 


“We  had  33  redundancy 
audit  checks— where  we 
go  over  information  to 
make  sure  it’s  correct. 
We  had  created  this 
nightmare.” 

-STEPHEN  BELL,  VICE  PRESIDENT 
OF  E-BUSINESS  OPERATIONS, 

EMPIRE  BLUE  CROSS  AND  BLUE  SHIELD 


enrollment  paperwork,  filing  it  within  1 1 
departments  at  Empire.  Even  then,  fully 
67  percent  of  the  forms  had  to  be  returned 
or  double-checked  by  phone  with  the  bro¬ 
kers  because  of  errors  or  omissions. 

Since  they  couldn’t  generate  quotes  them¬ 
selves  or  process  the  paperwork,  the  bro¬ 
kers  were  completely  dependent  on  Empire’s 
broker  relations  staff,  who  were  around 
only  during  normal  business  hours.  As  a 
result,  it  took  about  27  days  to  shepherd  a 
new  customer  through  the  sales  and  enroll¬ 
ment  process.  Then  employees  had  to  wait 
another  week  to  10  days  to  get  their  ID 
cards.  “Most  clients  look  immediately  for 
the  ID  cards,”  says  Vazoulas.  “If  they’re 
delayed,  the  clients  don’t  feel  secure  because 
they  don’t  know  if  their  health  plan  is 
in  effect.” 

The  Quest  to  Streamline 

In  late  1998,  Stephen  Bell,  vice  president  of 
e-business  operations,  and  Kenneth  O. 
Klepper,  senior  vice  president  of  systems, 
technology  and  infrastructure,  began  devel¬ 
oping  a  “print  on  demand”  system  to  reduce 
the  vast  mountains  of  quickly  outdated  ben¬ 
efits  brochures  and  contracts  that  sat  in  stor¬ 
age  rooms.  In  the  process  of  working  out  the 
details,  Bell  and  Klepper  got  a  glimpse  of 
how  inefficient  the  sales  and  enrollment 
process  really  was.  In  April  1999,  Empire 
brought  in  David  B.  Snow  Jr.  as  COO.  With 
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EXPERT  ANALYSIS 

THINKING  LIKE  A  BROKER 

BY  WENDY  CLOSE 

THE  EMPIRE  BLUE  CROSS  AND  BLUE  SHIELD  case  study 
offers  several  examples  of  best  practices  that  companies 
should  follow  when  deploying  technology  to  the  sales 
organization. 

The  first  thing  Empire  did  right  was  that  it  examined  its 
sales  process.  Many  companies  automate  flawed  sales 
processes.  A  poorly  defined  or  flawed  sales  process  is  a 
common  cause  of  failed  sales  technology  rollouts.  An 
organization  must  seek  to  develop  a  common  set  of 
"winning”  sales  processes.  Only  then  can  technology  be 
applied  to  reinforcing  the  selling  process. 

The  next  correct  move  Empire  made  was  that  it  focused 
on  automating  key  steps  in  the  sales  process  from  the 

brokers’  perspective,  not  management's  perspective.  Many  sales  technology  roll¬ 
outs  fail  because  they  do  just  the  opposite— focus  on  management  needs,  with  not 
enough  emphasis  on  salespeople  and  customers.  Automating  activities  to  close 
more  sales  by  removing  barriers  should  be  the  primary  target  of  any  sales  automa¬ 
tion  effort,  and  not  improved  pipeline,  forecasting  and  reporting  mechanisms  for 
management.  If  the  application  does  decrease  the  time  a  customer  has  to  wait  for 
enrollment,  then  it’s  a  real  win  as  customers  benefit  from  the  technology  also. 

The  third  smart  move  Empire  made  was  that  it  picked  compelling  sales  applica¬ 
tions  to  deploy— a  sales  configurator  and  a  proposal  generator.  Sales  configurators 
not  only  provide  cost  savings  (by  reducing  order  rework  expenses  associated  with 
misconfigured  orders),  they  also  have  the  potential  to  significantly  enhance 
revenue.  Gartner  estimates  that  product  configuration  deployments  will  provide 
sales  organizations  with  at  least  a  2  percent  increase  in  both  win  rates  and  order 
size,  resulting  in  an  increase  of  5.4  percent  in  revenue.  We  also  estimate  that 
enterprises  adopting  a  proposal  generation  system  will  cut  in  half  the  time  it  takes 
to  create,  edit,  approve  and  produce  a  professional  proposal. 


Wendy  Close,  a  CRM 
research  director  at 
Gartner,  is  a  CRM 
generalist  with  10 
years  of  experience. 
She  can  be  reached  at 
inquiry@gartner.  com . 


a  list  of  core  business  practices  in  hand,  he 
zeroed  in  on  sales  and  enrollment  as  an  area 
ripe  for  change.  “It  was  labor-intensive,  slow 
and  cumbersome,”  say  Snow,  who  now 
serves  as  both  president  and  COO. 

First,  Snow  and  his  team  took  a  hard 
look  at  the  existing  paper-based  process. 
They  took  over  a  conference  room  and  cre¬ 
ated  a  color-coded  map  of  the  sales  process; 
no  one  had  ever  before  tracked  it  from  start 
to  finish.  “It  was  like  a  grapevine,”  Bell  says 
of  the  process  map.  “It  just  got  bigger  and 
bigger.  For  the  first  time,  we  realized  that 
there  were  33  redundancy  audit  checks — 
where  we  go  over  information  to  make  sure 
it’s  correct — built  into  the  process.  We  had 
created  this  nightmare.” 

They  began  by  eliminating  all  the  loops 
and  unnecessary  steps,  such  as  the  need 
for  brokers  to  keep  calling  the  company 
for  revised  quotes.  “Wherever  there  were 
repeats,  we  tried  to  eliminate  them,”  Bell 
says.  The  team  managed  to  cut  the  essential 
steps  from  80  to  40.  That  was  the  easy  part, 
he  says;  then  came  the  daunting  task  of  find¬ 
ing  an  application  to  make  the  streamlined 
map  a  reality. 

Because  Empire’s  sales  channel  was  so 
complex,  Bell  decided  that  Empire  couldn’t 
go  with  an  off-the-shelf  application.  And  he 
quickly  saw  the  value  of  moving  the  process 
to  the  Web.  Bell  and  Klepper  hired  Firepond 
of  Waltham,  Mass.,  to  customize  its  pro¬ 
posal  configurator  and  develop  a  quote 
engine  and  group  enrollment  process  for 
Empire.  Because  Empire  lacked  in-house 
experience  and  resources  for  handling  an 
enterprisewide  application  (“Mostly,  we 
knew  about  mainframes,”  says  Klepper), 
they  kept  the  IT  department  close  to  the 
project  so  that  staffers  could  learn  from  the 
experience.  The  department  also  had  to  inte¬ 
grate  the  application  with  Empire’s  legacy 
mainframes,  a  process  that  was  tedious  but 
critical,  according  to  Bell. 

Empowered  Brokers 

Empire’s  Broker  Services  Application,  which 
includes  the  quote  engine  and  proposal  con¬ 
figurator  and  enables  online  group  enroll¬ 


ment,  went  live  in  October  2000.  The 
browser-based  quote  engine  frees  brokers 
from  having  to  call  Empire  to  crunch  num¬ 
bers  every  time  they  need  a  quote.  Instead, 
they  can  now  enter  the  relevant  customer 
data  themselves  online,  and  an  automated 
formula  generates  a  quote  in  a  matter  of 
seconds.  The  proposal  configurator  lets  the 
brokers  go  online  to  create  custom  propos¬ 
als  according  to  each  customer’s  require¬ 
ments,  pull  together  current  information 
about  all  the  plan  options  and  riders,  and 
print  all  the  relevant,  up-to-date  informa¬ 


tion  based  on  the  customer’s  specifications. 

If  the  client  isn’t  satisfied  with  a  partic¬ 
ular  quote,  the  broker  can  go  back  online 
and  change  the  specifications.  Upon  mak¬ 
ing  a  sale,  a  broker  no  longer  has  to  wade 
through  piles  and  piles  of  paper,  but  can 
go  online  to  enroll  a  new  account.  The 
password-protected  system  also  lets  agents 
maintain  customer  information  online, 
where  it’s  accessible  around  the  clock. 

Because  Bell  and  his  team  drafted  a 
panel  of  computer-savvy  brokers  and  sol¬ 
icited  their  input  throughout  the  applica- 
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Intrusion  Prevention  by  Symantec. 

Hackers,  saboteurs  and  cyberthieves  can  find  a  new  hobby.  Symantec  Enterprise  Security  can  handle  their  best 
(and  worst)  efforts,  protecting  your  entire  network — servers,  remote  users,  Web  applications,  even  desktops. 
With  the  technology  the  services  and  the  knowledge  to  bring  it  all  together,  Symantec  Enterprise  Security  keeps 
the  bad  guys  out  and  your  company  safe.  More  info ?  Visit  www.symantec.com/ses3  or  call  800-745-6054  x  9AZ3. 
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Case  Files  |  Customer  Focus 

tion  development  process,  they  wound  up 
with  a  system  that  has  made  life  easier 
for  the  brokers.  By  Oct.  31,  2001,  all  of 
Empire’s  1,800  independent  brokers  had 
registered  on  the  site,  Bell  says.  When  the 
site  went  live,  Empire  aimed  for  getting 
15  percent  of  the  brokers  to  use  its  self- 
service  functionality.  As  of  October,  more 
than  45  percent  were  regularly  generating 
their  own  quotes  online. 

Empire  agents  using  the  site  now  handle 
an  average  of  45  percent  more  quotes; 
Vazoulas  says  that  while  he  used  to  process 
20  quotes  a  day,  he  now  handles  50.  Most 
important,  the  enrollment  process  that  once 
dragged  out  over  27  days  now  takes  just  two 
to  three  days  to  complete  online.  (Brokers 
sticking  with  the  paper-based  system,  how¬ 
ever,  still  have  to  deal  with  the  time  lag.) 

“Everything  that  a  customer  could  ask 
is  answered  up  front  with  the  system,” 
Vazoulas  says.  “The  printed  quote  gives  a 
summary  of  the  entire  contract  with  bene¬ 
fits  and  riders  and  details  that  wouldn’t 
otherwise  be  available  unless  we  had  a 
brochure  on  hand,  and  those  are  never  up- 
to-date.  The  fact  that  they  can  see  it  up  front 

CRM  AT  EMPIRE 

PROCESS  CHANGES 

Instead  of  depending  on  Empire  staff 
to  generate  and  modify  quotes, 
independent  brokers  can  now  get 
sales  quotes  immediately  on  the 
website.  Brokers  can  also  enroll 
customers  online,  eliminating  the 
need  for  Empire  to  make  60  paper 
copies  of  enrollment  documents. 

ENABLING  TECHNOLOGY 

The  Firepond  SalesPerformer  Config¬ 
urator  and  Channel  SalesPerformer 
of  Firepond's  SalesPerformer  Suite. 

PAYOFF 

Decreased  average  group  enrollment 
time  from  27  days  to  two  or  three 
days;  agents  using  the  site  now 
process  an  average  of  45  percent 
more  quotes. 


and  go  over  their  plan  line  by  line  makes  it 
much  easier  for  them.”  Because  he’s  already 
sent  clients  custom  proposals  created  with 
the  proposal  configurator,  when  Vazoulas 
visits  them  face-to-face,  about  half  have 
already  made  up  their  minds  to  buy  Empire’s 


ters  at  the  World  Trade  Center  on  Sept.  1 1 . 
The  company  used  the  sites  to  reassure  bro¬ 
kers,  members  and  physicians  that  Empire 
was  up  and  running  and  to  post  contact 
information  for  its  other  offices. 

In  2002,  the  company  plans  to  create 


"I  can  usually  tell  how  happy  the  customer  is 
based  on  how  much  negative  feedback  I  get. 
With  this  system,  I  get  no  negative  feedback.” 

-THOMAS  VAZOULAS,  ACCOUNT  BROKER,  CORPORATE  CONSULTING  SERVICES 


services.  As  a  result,  he  sells  on  average  twice 
as  many  Empire  policies  now  than  he  did 
before.  From  a  broker’s  standpoint,  it’s  an 
easier  sale  with  the  new  technology,  he  says. 

Empire  measures  customer  satisfaction 
through  mail  surveys,  but  Bell  says  it’s  too 
early  to  gauge  whether  the  company’s  Web 
strategy  has  had  a  quantifiable  impact  on 
customer  relations.  Although  assessing  a 
client’s  level  of  satisfaction  can  be  difficult, 
Vazoulas  says  brokers  are  not  hearing  many 
complaints  about  the  speed  of  enrollment. 

“I  can  usually  tell  how  happy  the  customer 
is  based  on  how  much  negative  feedback  I 
get,”  Vazoulas  says.  “If  there’s  something  they 
don’t  like,  I’ll  hear  about  it  up  front.  But  with 
this  system,  I  get  no  negative  feedback.” 

In  the  first  six  months  of  2001,  Empire’s 
small-group  sales  increased  274  percent  com¬ 
pared  with  the  same  time  period  the  year 
before,  although  the  company  isn’t  sure  how 
much  of  that  increase  can  be  attributed  to  the 
new  enrollment  process.  Plans  to  run  an 
analysis  have  been  shelved,  Bell  says,  in  favor 
of  going  forward  with  updates  to  the  site. 

In  fact,  just  two  months  after  rolling  out 
Broker  Services,  the  company  launched  a 
website  that  lets  individual  members  access 
and  update  their  personal  data,  check  claim 
status  and  payments,  and  request  ID  cards. 
Last  summer,  it  launched  a  beta  version  of 
a  portal  for  physicians.  A  similar  site  for 
employer  groups  was  slated  for  completion 
by  the  end  of  2001.  These  portals  proved 
invaluable  when  Empire  lost  its  headquar- 


a  broker  services  application  to  handle 
customers  with  more  than  50  employees. 
Empire  will  also  allow  brokers  to  renew 
contracts  online.  This  time,  the  IT  depart¬ 
ment  is  doing  the  development  in-house. 

cio.com _ 

Read  more  customer  relationship 
management  Case  Files  on  our 

CRM  RESEARCH  CENTER  at 

www.cio.com/crm. 


Empire  is  also  concentrating  on  convinc¬ 
ing  the  independent  brokers  who  are  not  yet 
using  the  self-service  functionality  of  the  orig¬ 
inal  Broker  Services  Application  to  give  it  a 
try.  If  brokers  still  call  Empire  for  quotes, 
they  are  encouraged  to  use  the  Web  service 
by  the  Empire  sales  representatives,  who  use 
the  portal  to  dispatch  quotes.  “Like  with  any 
radical  change,  it’s  just  hard  to  get  people  to 
go  with  it,”  Bell  says.  A  lot  of  brokers  have 
told  him  that  they’re  eager  for  more  func¬ 
tionality  on  the  site — they  want  to  be  able 
to  enroll  individual  employees  online.  Empire 
is  working  on  that  right  now,  Bell  says. 

But  getting  the  most  out  of  the  system  is 
an  ongoing  process.  “It’s  a  matter  of  focus,” 
he  says.  “We  are  listening  to  what  people 
want.”  HE! 


Send  ideas  for  customer-focused  case  studies  to 
casefiles@cio.com.  Staff  Writer  Simone  Kaplan  can 
be  reached  at  s kaplan@cio.com. 
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The  MostTrusted  Name  in  e-Security® 

www.rsasecurity.com 
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When  your  business  is  online,  sealed  documents,  signatures  and  handshakes 
no  longer  work.  Let  RSA  Security  bring  authenticity  to  your  e-business. 


SECURITY- 


Wireless 


How  companies  jumped  n  hurdles 
of  wireless  technology:  budgetary  constraints,  security, 
bandwidth,  scalability  and  resistance  to  change 

BY  DANIELLE  DUNNE 


THE  PROMISE  OF  WIRELESS  is  information  at 
any  time,  anywhere.  But  it  remains  just  that— a 
promise.  In  the  real  world,  wireless  applications 
come  with  a  long  list  of  problems  and  a  short 
list  of  solutions.  Five  of  those  solutions  are 
presented  in  the  following  case  studies. 
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John  Halamka,  CIO 
of  CareGroup 
Healthcare  System, 
made  wireless 
secure  enough  to 
use  for  emergency 
admissions. 
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Problem:  Budgetary  Constraints 

Solution:  Get  What  You  Need,  Not  What  You  Want 

How  a  small  city  uses  wireless  to  keep  it  from  washing  out  to  sea 


Problem:  Security 

Solution:  Secure  Socket 
Layer  Encryption 

A  Boston  emergency  room 
sends  patient  information 
through  the  air 


There  are  47  patient  treatment 
rooms  in  the  new  emergency 
department  of  the  Beth  Israel 
Deaconess  Medical  Center  in 
Boston,  but  there  are  only  three  laptops  used 
for  patient  registration.  That  is  not,  however, 
a  problem;  it’s  a  plan. 

The  three  laptops  move  easily  from  bed 
to  bed,  using  a  wireless  LAN  to  connect  to 
the  network,  saving  the  hospital  money  and 
helping  to  knock  a  half  hour  off  the  time  it 
takes  for  most  patients  to  check  in. 

In  many  businesses,  using  a  wireless  LAN 
is  a  no-brainer;  but  in  a  hospital,  it  is  a  major 
accomplishment.  That’s  because  the  wireless 
LAN  standard  802.11b,  which  dictates  the 
parameters  for  speed  of  data,  access  points 
and  other  technical  specifications,  is  famous 
for  its  security  holes,  and  hospitals  are 
famous  for  their  need  for  security.  In  fact,  all 
U.S.  hospitals  are  governed  by  the  Health 
Insurance  Portability  and  Accountability  Act 
of  1996  (HIPAA),  a  federal  law  that  strictly 


The  island  city  of  Richmond,  British  Columbia,  has  a  problem.  The  city,  which 
sits  in  the  middle  of  the  Fraser  River,  is  flat  as  a  pancake.  If  the  river  rises 
too  high,  the  city’s  160,000  residents  could  be  washed  out  to  sea.  The  first 
line  of  protection  against  that  fate  is  a  system  of  180  pumping  stations  that 
work  around  the  clock  every  day  of  the  year,  pumping  water  off  the  island 
back  into  the  river. 

For  years,  Richmond  city  workers  employed  a  simple  method  of  monitoring  the  pump 
stations:  They  drove  around  town  in  pickup  trucks  and  looked  at  them.  If  the  red  light  atop  the 
pump  was  flashing,  they  knew  something  was  amiss.  If  the  light  wasn’t  flashing,  the  worker 
would  move  on  to  the  next  pump. 

Edward  Hung,  the  city’s  IT  manager,  knew  the  process  was  labor-intensive,  to  say  the  least. 
He  knew  that  a  better  solution  would  be  to  have  the  pumps  automatically  report  their  sta¬ 
tus  to  a  central  computer.  And  he  knew  that  an  even  better  solution  would  be  a  Web-based 
application  to  analyze  the  data  and  make  it  available  on  an  intranet  that  could  be  accessed 

from  computers  all  over  town. 


Edward  Hung, 

IT  manager  of 
Richmond, 

British  Columbia, 
put  city  workers 
on  handhelds 
that  warn  of 
flooding  from 
the 


Hung  worried  that  the  cost 
of  building  such  an  application 
was  beyond  the  reach  of 
his  meager  municipal  budget, 
but  making  sense  of  the  data 
was  a  priority — he  had  to 
do  it.  Hung  put  the  project 
out  to  bid,  and  New  York 
City-based  business  intelligence 
company  Information  Builders 
said  it  could  do  it  for  less 
than  $100,000. 


1  As  it  turned  out,  that  was  a 

good  decision.  As  the  project 

BP 

P,|fp?  # P.lf:  '  Builders  pointed  out  that  for  a 

$  \|  few  dollars  more,  Richmond 

could  buy  handheld  devices  so 
that  the  critical  pump  informa¬ 
tion  could  be  received  by  city 
workers  at  any  time,  any  place. 
Hung  was  able  to  keep  the  project  under  $100,000  and  give  his  engineers  access  to  real-time 
information  about  the  status  of  the  pumps. 

The  city  was  able  to  use  wireless  devices  without  breaking  the  bank  because  Hung  and 
his  team  kept  the  project  simple.  Instead  of  integrating  all  the  city’s  ERP  and  workflow 
applications  with  the  new  pump-monitoring  program,  they  pushed  only  the  data  from  the 
pump  systems. 

Today,  Richmond’s  five  city  engineers  can  receive  constant  updates  on  the  status  of  the 
pumping  system,  and  especially  in  the  spring,  the  entire  town  can  rest  easier.  ■ 


Wireless 


protects  the  privacy  and  confidentiality  of 
patient  records. 

The  technology  people  at  CareGroup 
Healthcare  System,  which  manages  that 
hospital  and  five  others,  were  well  aware 
of  the  security  risks  when  they  set  out  to 
deploy  laptops  in  Beth  Israel  Deaconess’s 
ER.  They  had  done  their  homework  and 
studied  reports,  such  as  the  recent  warning 
from  Stamford,  Conn. -based  Gartner  that 
by  the  end  of  2001,  30  percent  of  enter¬ 
prises  would  have  serious  security  expo¬ 
sures  stemming  directly  from  wireless  LAN 
deployments. 

“WEP  [wired  equivalent  privacy],  the 
standard  security  protocol  for  802.11b,  is 
not  very  secure,”  admits  John  Halamka, 
CIO  of  CareGroup.  “So  we  do  three  things 
to  make  it  safe.  First  of  all,  we  do  use  WEP, 
but  we  do  encryption  via  HTTPs  [adding  a 
secure  socket  with  an  additional  layer  of 
encryption  to  each  address],  and  then  we 
register  the  unique  address  of  every  network 
card  in  the  wireless  receiver  so  that  if  you 
are  walking  by  this  building  you  can’t  inter¬ 
cept  our  transmissions.” 

Phillip  Redman,  research  director  at 
Gartner,  agrees  that  secure  socket  layer 
encryption  should  do  the  trick.  “With  Web- 
based  technology,  secure  socket  layer 
encryption  is  a  very  secure  way  of  transfer¬ 
ring  information,”  he  says. 

At  CareGroup,  all  network  users  must 
log  in  to  get  on  the  hospital’s  system,  and 
the  IS  group  carefully  monitors  all  traffic 
to  weed  out  any  lurkers. 

Because  of  those  measures,  Halamka  con¬ 
siders  his  wireless  LAN  as  safe  as  one  can  be 
with  the  current  state  of  wireless  technologies. 

Today,  when  patients  are  admitted,  their 
information  is  logged  in  to  a  wireless  laptop, 
and  a  summary  of  their  record  is  instantly  dis¬ 
played  on  the  ER’s  whiteboard,  an  electronic 
screen  that  tracks  every  patient’s  medical  sta¬ 
tus,  location,  doctor,  labs,  EKGs  and  more. 
The  same  vital  information  is  also  available 
on  all  the  computers  in  the  ER,  where  it  can 
help  doctors  administer  the  best  treatment 
more  quickly  and  reduce  the  likelihood  of 
errors  based  on  misinformation.  ■ 


Problem:  Bandwidth 
Solution:  Slim  Down  Applications 

How  a  mortgage  lender  got  more  information  into  less  space 


* 
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For  eight  years,  Jim  Pathman,  CTO  of  Option  One,  a  wholesale  sub-prime  lender 
and  subsidiary  of  H&R  Block  based  in  Irvine,  Calif.,  thought  about  putting 
salespeople  on  laptops.  The  company’s  200  account  executives  were  spending 
more  than  80  percent  of  their  time  in  the  field,  and  they  relied  entirely  on  phone 
and  fax.  Pathman  knew  that  laptops  would  help  them  obtain  important  loan 
information,  such  as  a  pricing  application,  but  he  worried  that  the  cumbersome 
technology  was  more  trouble  than  it  was  worth.  He  imagined  them  wandering  around  a  gas 
station  with  a  briefcase  sprouting  spaghetti  wires,  searching  desperately  for  a  phone  jack. 

Then  wireless  appeared  on  the  scene,  and  Pathman  began  to  reconsider.  Still,  the  documents 
that  salespeople  routinely  received — such  as  12-page  faxes  and  other  reports  indicating  the  sta¬ 
tus  of  loans — were  so  large  that  downloading  them  over  a  wireless  connection  would  take 

forever.  What  Option  One  needed 
was  a  wireless  connection  that  could 
run  large  applications  and  move  large 
documents  quickly,  and  there  weren’t 
any.  So  the  company  found  a  way  to 
make  large  documents  small  and 
large  applications  simple  enough  to 
work  with  a  wireless  connection. 

In  doing  so,  it  had  to  reduce  the 
capabilities  of  several  applications, 
such  as  the  bandwidth-hogging  loan 
pricing  engine. 

The  five  items  that  survived  were: 
its  loan-pricing  engine,  underwriting 
guidelines,  e-mail,  send-and-receive 
fax  applications,  and  reporting  tools. 

In  April,  Option  One  salespeople 
finally  got  their  laptops  and  their  ini¬ 
tiation  to  wireless  communication  with  all  of  its  warts,  such  as  slow  data  transmission. 

“You  get  used  to  knowing  what  the  turnaround  is,”  says  Kathleen  Kaylor,  an  Option  One 
account  executive.  “If  you  are  synchronizing  into  the  VPN  wirelessly,  you  know  that  it  is  going 
to  take  a  while  and  you  can  do  something  else  while  it  is  syncing.” 

Pathman  says  salespeople  have  about  15  percent  of  the  functionality  they  will  have  two 
years  from  now.  The  system  will  become  faster  and  more  personalized.  The  laptops  will  be 
tied  in  to  the  workflow  system,  and  there  will  be  real-time  notification  of  action  items  on  spe¬ 
cific  loans.  Option  One  also  hopes  to  combine  the  two  applications  used  to  give  loan  estimates. 

Option  One  has  even  started  to  see  signs  of  a  return  on  its  $750,000  investment.  The 
up-to-the-minute  information  on  loans  and  loan  rates  allows  salespeople  to  make  immedi¬ 
ate  decisions.  In  at  least  one  case,  says  Pathman,  a  salesman’s  wireless  connection  allowed  him 
to  quickly  match  the  rate  offered  by  a  competitor. 

“From  a  revenue  and  commissions  perspective,”  says  Pathman,  “you  only  need  to  do 
one  or  two  more  loans  and  it  pays  for  itself.”  ■ 


Option  One  CTO  Jim  Pathman  knew  that  better 
access  to  information  would  help  mortgage  sales. 
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How  to  really  squeeze  your  storage 
while  maximizing  application 

Reducing  storage  costs  enterprise-wide  while  satisfying  your  customers’  demands  for  information  is 
faster,  easier  and  more  efficient  with  our  Application-Centric  Storage  Management"'  (ACSM™)  approach. 

ACSM,  as  delivered  by  the  PATROL®  Storage  Management  product  suite,  enables  you  to  recover 
storage  costs  by  tracking  asset  and  application  usage.  To  optimize  your  storage  investments  by 
proactively  anticipating  future  system  purchases.  And  to  lower  your  storage-administration  costs  by 
forecasting  capacity  thresholds  in  advance.  All  of  which  can  make  a  significant  impact  on  your  total 
storage  ownership  costs.  As  well  as  your  bottom  line. 

The  PATROL  Storage  Management  solution  graphically  displays  all  your  storage 
resources  -  simplifying  asset  management  and  providing  you  with  the  knowledge 
necessary  to  make  smarter  short-  and  long-term  storage-management  decisions.  So  you 
can  reduce  your  storage-ownership,  training  and  staffing  costs,  keep  your  mission-critical 
applications  performing  and  ensure  the  availability  of  your  business. 

We’ve  further  enhanced  this  solution  with  our  ACSM  Consortium,  which  maintains  key 
relationships  with  industry  leaders  to  ensure  that  you  get  the  strongest  products  for  your  infrastructure. 

To  discover  how  a  new  perspective  on  your  storage  environment  can  make  your  bottom  line 
look  better,  contact  BMC  Software  at  www.bmc.com/acsm/storage  or  800-865-4262.  And  start 
squeezing  your  storage  costs  down  to  size. 


costs 

availability. 


Gain  a  new  perspective 

ON  STORAGE  COST  SAVINGS. 
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Problem:  Scalability 

Solution:  Efficient  Systems 
Integration 

A  hospitality  company  gets  the 
message  around  the  world 

When  Carlson  Hospitality — 
which  franchises,  owns  and 
manages  hotels  such  as 
Country  Inns  &  Suites, 
Radisson  and  Regent — considered  getting  rid 
of  its  binder-size  monthly  status  reports  and 
replacing  them  with  sleek  handhelds  that 
would  deliver  real-time  information  about 
occupancy,  VIP  visits  and  overbooking,  the 
company  knew  the  project  wouldn’t  be  a 
walk  in  the  park.  Any  system  that  the  com¬ 
pany  built  would  have  to  eventually  work  at 
750  hotels  in  55  countries  and  accommodate 
more  than  2,000  users.  For  many  global  cor¬ 
porations,  the  very  thought  of  offering  so 
many  far-flung  people  access  to  so  much 
information  would  place  the  project  on  the 
chopping  block,  ready  to  be  scaled  down,  but 
Carlson  scaled  up. 

During  the  past  three  years,  the 
Minneapolis-based  company  spent  $21  mil¬ 
lion  rearchitecting  its  core  systems  and  inte¬ 
grating  data  from  at  least  six  databases.  And 
while  that  restructuring  was  not  done  with  a 
vast  wireless  project  in  mind,  the  resulting 
order  made  it  possible  for  the  technology 
team  to  push  the  hospitality  company’s  key 
indicators  out  over  a  wireless  LAN,  as  well 
as  a  wired  network.  The  integration  was  vital 
to  the  wireless  project  because  it  organized 
the  data  (occupancy  rates,  pricing  informa¬ 
tion  and  so  on)  from  all  the  company’s  dif¬ 
ferent  databases  in  ways  that  will  someday 
make  worldwide  distribution  feasible. 

“That  new  architecture  was  a  prerequisite 
to  having  the  data  available  to  work  with,” 
says  CIO  Scott  Heintzeman. 

But  Heintzeman  and  his  team  weren’t 
home  yet.  They  still  had  to  build  an  applica¬ 
tion  that  would  make  sense  of  the  informa¬ 
tion  as  it  was  presented  on  a  handheld 
Compaq  Ipaq.  And  of  course,  Carlson  had 


to  set  up  wireless  LANs  in  each  hotel  where 
the  wireless  system  would  be  used. 

Last  spring,  the  company  began  a  trial  of 
the  new  system  in  a  Minneapolis  hotel  and 
quickly  expanded  the  test  to  four  other  loca¬ 
tions.  Managers  in  those  hotels  use  their  desk¬ 
top  computers  to  select  the  pieces  of  data, 
such  as  occupancy  rates,  and  set  up  alerts  for 
the  key  indicators,  such  as  a  sudden  increase 
in  demand.  They  then  download  the  data  to 
their  handhelds  so  that  they  can  access  it  from 
almost  anywhere  on  their  hotels’  property. 


Today,  Carlson  managers  are  pushing 
data  to  the  handhelds  in  one  of  three  ways. 
Most  managers  use  a  cradle  to  connect  their 
handheld  to  a  computer,  some  sync  the  data 
over  a  wireless  LAN,  and  a  few  use  AT&T’s 
digital  WAN. 

In  all,  Heintzeman  says,  Carlson  has  put 
about  200  people  on  handhelds  at  a  cost  of 
about  $100,000.  He  reports  that  things  are 
working  well  and  plans  to  expand  the  pro¬ 
gram  to  at  least  10  more  properties  in  the 
coming  year.  ■ 


Problem:  Resistance  to  Change 
Solution:  Patience  and  Compromise 

How  HVAC  technicians  came  to  terms  with  daunting  technology 


Roberto  Amores  had  just  about  had  enough.  It  was  a  blistering  hot  day,  and 
the  struggling  air-conditioning  system  had  just  blown  the  fuses  in  the  Atlanta 
office  building  where  Amores  was  working  as  a  heating  ventilation  and  air- 
conditioning  technician  for  United  Maintenance.  But  the  biggest  problem 
for  Amores  wasn’t  the  heat  or  the  fuses,  it  was  the  new  handheld  that  his  com¬ 
pany  had  given  him  to  replace  the  paper  and  clipboard  that  he  had  used  to 
keep  track  of  his  work.  No  matter  what  Amores  tried,  he  couldn’t  seem  to  pick  up  a  signal 
and  make  the  new  computer  work.  He  climbed  down  from  the  roof,  where  he  was  work¬ 
ing,  and  got  in  his  truck.  Nothing.  He  tried  driving  around  the  block.  Nothing. 

On  his  first  day  using  wireless,  it  took  Amores  three  hours  to  pick  up  a  signal,  get  his  § 
service  call  and  fill  out  the  report.  One  problem  was  that  the  pop-up  window  kept  asking  him  £ 
if  he  wanted  to  do  things  that  he  didn’t  want  to  do.  He  tried  to  remember  what  he  had  | 
been  told  in  the  training  class,  and  he  just  became  more  confused. 

Amores  was  hardly  alone.  Most  of  the  30  technicians  who  United  Maintenance  had  £ 
outfitted  with  handhelds  were  struggling  with  questions  like  what  to  enter,  exactly,  when  £ 


WHAT  KIND  OF  DECISIONS  ARE  REQUIRED 
IN  TODAY'S  BUSINESS  CLIMATE? 

SMART  ONES. 


At  Crystal  Decisions,  the  makers  of 
Crystal  Reports"1,  we've  met  the  standards 
of  our  key  partners  like  SAP,  IBM,  Microsoft 
and  Baan.  We're  confident  we  can  meet 
yours.  To  find  out  how,  visit  us  at: 

www.crystaldecisions.com/ent/006/ 

or  call  1-866-82V3525. 


You  turn  to  Crystal  Decisions'”.  Our 
enterprise-wide  reporting,  analysis 
and  web-based  information  delivery 
solutions  have  a  proven  track  record 
of  helping  our  customers  better 
utilize  information  to  competitive 
advantage  and  profit. 


The  challenge  today  is  twofold. 

One:  how  do  you  get  the  infrastruc¬ 
ture  in  place  to  access  disparate  data 
sources  and  create  and  distribute 
actionable  information?  And,  two: 
also  meet  the  demands  to  reduce 
costs  and  increase  productivity? 


Arriving  at  a  smart  business  deci¬ 
sion  can  happen  anywhere.  But  the 
process  first  requires  information; 
information  that  needs  to  be  gathered 
from  multiple  sources,  then  analyzed 
and  shared  before  it  can  be  used  to 
your  advantage. 
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A  SEAGATE  COMPANY 


Wireless 


EMPLOYEES  OBJECTED  to  an  automatic  time-stamping  of  all 
messages.  United  Maintenance  changed  the  function. 


the  real  reason  they  wanted  to  put  a  job  on 
hold  was  not  among  those  listed  on  the 
scrolling  screen. 

Ralph  Hawkins,  the  service  manager  at 
United  Maintenance,  heard  the  grumbling  of 
his  technicians  and  got  to  work  on  a  solu¬ 
tion.  Hawkins  scheduled  a  series  of  meet¬ 
ings,  three  to  four  weeks  apart,  where  tech¬ 
nicians  could  swap  stories  about  their  frus¬ 
trations  and  solutions  for  the  handhelds. 
Other  managers  attended  the  meetings,  and 
when  they  learned  of  a  problem  that  could 
be  solved  by  altering  the  technology,  they 
took  action.  In  one  case,  for  example, 
employees  objected  to  an  automatic  time- 
stamping  of  all  messages  because  it  made 
them  feel  like  their  computers  were  moni¬ 
toring  them  constantly.  United  Maintenance 
changed  the  function  so  that  it  allowed  the 
technicians  to  enter  the  time  that  a  message 
was  received  or  an  action  taken.  In  another, 
management  learned  that  technicians  were 
writing  in  the  names  of  customers  who  were 
not  on  hand  to  sign  off  on  repairs,  which 
meant  that  they  were  unwittingly  commit¬ 
ting  acts  of  perjury.  The  technicians  were 
given  a  quick  lesson  in  the  law. 

While  the  results  were  not  immediate,  the 
meetings  did  help  the  technicians  feel  more 
comfortable  with  wireless  technology. 
So,  of  course,  did  the  passage  of  time. 
During  the  next  several  weeks,  frustrations 
decreased,  and  new  skills,  such  as  typing, 
increased. 

“You  can  go  to  all  the  training  classes  you 
want,  but  what  really  works  is  just  getting 
used  to  it,”  Amores  says.  “Once  you  figure 
out  what  it  does,  it  gets  a  lot  easier.” 

Today,  the  technicians  at  United  Main¬ 
tenance  use  the  handhelds  to  record  every¬ 
thing  they  do  in  the  field.  Service  calls  are 
dispatched  through  the  handhelds,  service 


is  recorded,  and  technicians  make  sure  that 
the  customers  sign  the  machine  at  the  com¬ 
pletion  of  the  call.  As  soon  as  the  signature  is 
captured,  the  call  is  taken  off  the  dispatch 
screen  and  a  bill  is  automatically  printed. 

cio.com _ 

Ask  the  Source:  For  the  next  two 
weeks,  John  Halamka  will  answer 
your  questions  online  about 
WIRELESS  &  SECURITY.  Go  to  the 
Web  Connections  box  on  CI0.com. 

Also,  check  out  “The  ABC’s  of 
Wireless”  at  www.cio.com/wireless. 


The  new  wireless  system  has  reduced  the 
billing  cycle  at  United  Maintenance  from 
two  to  three  weeks  to  two  to  three  days.  It 
also  ensures  the  company  that  the  techni¬ 
cians  have  filled  out  their  paperwork  and 
saves  the  technicians  the  time  they  used  to 
spend  bringing  their  records  into  the  office. 

“Our  guys  were  hesitant  at  first,”  says 
Hawkins.  “It  was  harder  for  the  older  guys; 
they  barked  at  it  but  finally  got  the  hang  of 
it — that  part  was  tough.”  BE! 


Danielle  Dunne  is  a  Web  writer  for  CI0.com.  E-mail 
her  at  ddunne@cio.com.  For  a  different  take  on 
fixed  wireless,  see  "The  Last  Mile— Wireless  Style," 
Page  84. 
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MICROSOFT®  MAKE? 
SMART  ONES. 


Arriving  at  a  smart  business  decision 
can  happen  anywhere.  But  the  process 
first  requires  information;  information 
that  needs  to  be  gathered  from 
multiple  sources,  then  analyzed  and 
shared  before  it  can  be  used  to  your 
advantage.  Microsoft  knows  this. 


That's  why  they  chose  Crystal  Decisions™. 
Microsoft  required  cutting  edge 
reporting  technology  for  its  recent 
Visual  Studio®. NET  release.  They  turned 
to  Crystal  Decisions,  the  industry  leader 
in  enterprise  reporting  to  provide  this 
functionality  for  their  customers. 


At  Crystal  Decisions,  our  enterprise 
reporting,  analysis  and  information 
delivery  solutions  have  a  proven  track 
record  of  helping  our  customers  and 
partners'  customers  increase  produc¬ 
tivity  and  reduce  IT  costs.  And  our 
strategic  partnerships  with  companies 


like  Microsoft,  SAP,  IBM,  and  Baan 
ensure  our  solutions  integrate  seamlessly 
with  your  existing  applications.  We  met 
Microsoft's  demanding  standards. 

We're  confident  we  can  meet  yours. 

To  find  out  how,  visit: 
www.crystaldecisions.com/ent/006/ 
or  call  1-866-821-3525. 


Access.  Analyze.  Report.  Share/ 
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A  SEAGATE  COMPANY 


WHAT  KIND  OF  DECISIONS  DOES 


Security  Planning 


LIVING 

WITH 

TERROR 

When  it  comes  to  dealing  with  terrorism,  American  companies 
have  a  lotto  learn  from  European  businesses  by  malcolm  wheatley 


Nearly  six  years  before  Sept.  11, 2001, 


Citibank,  the  Pittsford,  N.Y.-based  multinational  financial  services 
company,  became  starkly  aware  how  vulnerable  its  operations  were 

to  terrorist  attack.  On  the  evening  of 
Friday,  Feb.  9,  1996,  as  weary  office 
workers  in  London’s  Canary  Wharf 
area  were  heading  home,  IRA  terror¬ 
ists  telephoned  a  series  of  coded  warn¬ 
ings  to  media  organizations  about  a 
bomb  they  had  placed.  As  police  hast¬ 
ily  cleared  the  target  area,  the  device  ex- 
The  bomb  the  IRA  ploded,  killing  two  people,  hospitalizing 
setoff  at  London’s  more  than  100  others  and  damaging 
South  Quay  in  1995  several  buildings  so  badly  that  they  sub¬ 
injured  34  people.  sequently  had  to  be  demolished. 


The  advanced  warning  and  the  fact  that  many  workers  had  al¬ 
ready  left  for  the  weekend  undoubtedly  contributed  to  the  low 
number  of  fatalities.  But  so  too  did  the  fact  that  the  building  that 
took  the  brunt  of  the  blast  housed  Citibank’s  European  backup 
hot  site  with  1,000  empty  desks  set  up 
and  ready  to  be  used  should  any  one 
of  Citibank’s  European  offices — 
staffed  and  managed  by  Europeans — 
go  out  of  action.  Had  the  building  not 
been  purposely  left  empty,  the  police 
believe  that  the  casualty  toll  would 
have  undoubtedly  been  far  higher. 

For  Citibank,  which  had  opera¬ 
tions  in  some  14  European  countries, 


Reader  ROI 

►  Learn  how  European 
companies  protect 
themselves 

►  See  how  much  better 
prepared  London  is 
than  New  York  City 

►  Discover  the  key  factors 
for  maintaining  contacts 
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have  been  extremely  complacent  about  terrorism,”  says  Professor 
Wendy  Currie,  director  of  the  Centre  of  Strategic  Information 
Systems  at  Brunei  University  in  Uxbridge,  England.  “It’s  very  dif¬ 
ferent  from  the  attitude  in  some  parts  of  Europe — such  as 
London,  Madrid  and  Paris — where  people  tend  to  be  subcon¬ 
sciously  on  their  guard.” 

Consequently,  American  companies  have  a  lot  to  learn  from  com¬ 
panies  that  operate  in  Europe.  Certainly,  the  events  at  the  World 
Trade  Center  and  the  Pentagon  demonstrate  the  enormous  disrup¬ 
tion  terrorism  can  cause.  But,  as  European-based  companies  have 
learned,  preparations  in  the  form  of  backup  sites  and  contingency 
plans  are  only  part  of  the  equation.  Just  as  important  is  the  adoption 
of  a  mind-set  that  acknowledges  the  threat  of  terrorism  yet  at  the 
same  time  insists  on  a  determination  that  business  will  go  on. 
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A  woman  passes  a  mural  in  strife-torn 
Northern  Ireland,  September  2001  (top). 

The  aftermath  of  a  bombing  outside  a 
Madrid,  Spain,  bank  by  the  Basque 
separatist  group  ETA,  June  2001. 

the  blast  was  an  unlucky  reminder 
that — despite  careful  contingency  plan¬ 
ning — there’s  no  safe  haven  from  ter¬ 
rorism’s  disruption.  While  few  disaster 
plans  start  with  the  premise  that  the 
backup  facility  may  be  devastated, 
throughout  Europe — a  region  that 
has  an  unfortunate  history  of  terrorism — planning  for  debilitating 
disasters  is  considered  a  normal  part  of  business. 

And  there’s  a  growing  sense  that  American  companies  are  only 
now  waking  up  to  the  same  realization.  “Businesses  in  the  U.S. 


Revamped  Plans 

Despite  the  devastation  at  Citibank’s  hot  site,  not  every  company  at 
Canary  Wharf  was  so  fortunate  as  to  merely  have  empty  desks  dis¬ 
abled.  While  Citibank  scrambled  to  find  an  alternate  backup  facil¬ 
ity,  other  companies  at  Canary  Wharf  were  addressing  more  funda¬ 
mental  issues.  Like  getting  their  company  up  and  running  again. 

The  Builder  Group,  a  publisher  of  construction  and  property 
magazines,  is  one  example.  Its  premises,  too,  were  damaged  so 
badly  that  they  ultimately  had  to  be  pulled  down.  Yet  unlike 
Citibank,  The  Builder  Group  had  no  standby  facilities  into  which 
it  could  move.  Without  a  backup  site,  and  without  access  to  its 
computers  for  five  days  while  police  and  fire  officials  searched 
for  clues,  employees  had  to  re-create  their  work  from  that  Friday 
before  the  bomb  detonated.  While  no  magazine  issues  suffered, 
The  Builder  Group  has  since  revamped  its  antiterrorism  disaster 
plans,  having  learned  bitter  lessons  from  the  experience. 

Chief  among  those,  says  Bob  Durrant,  the  company’s  systems 

manager,  is  the  recognition  that  the 
data  held  on  office  computers  is  more 
fragile  than  the  hardware  itself.  Pro¬ 
vided  that  the  equipment  isn’t  totally 
destroyed,  he  says,  it’s  perfectly  feasi¬ 
ble  to  clean  hardware  up  and  bring  it 
back  into  use,  albeit  temporarily.  “It’s 
difficult,  but  at  least  you  don’t  lose 
everything  like  you  do  with  fire  or 
flood,”  he  says.  “From  that  point  of 
view,  it’s  a  more  survivable  event.” 

While  The  Builder  Group  had 
long  kept  backup  data  offsite,  it  also 
now  keeps  hardware  offsite  on 
which  to  run  that  backup  data.  Now,  says  Durrant,  disaster  plans 
call  for  The  Builder  Group  to  keep  a  general-purpose  server  on 
standby  at  an  undisclosed  offsite  location.  Preconfigured  and 
ready  to  go,  it  sits  there  just  in  case. 
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Security  Planning 


Lightning  Strikes  Twice 

For  Citibank,  more  upheaval  was  to  come.  Ten 
days  after  the  Canary  Wharf  bombing,  an  IRA 
terrorist  prematurely  detonated  a  bomb  on  a  red 
double-decker  bus  driving  down  London’s 
Strand.  The  bomb  went  off  right  outside  another 
Citibank  location — ironically,  one  containing  the 
office  of  independent  IT  consultant  Keith  Ford, 
a  specialist  in  disaster  recovery  planning  who  was 
then  engaged  in  advising  Citibank  on  how  to  pro¬ 
tect  its  operations. 

Taken  together,  the  two  bombs  composed 
something  of  a  baptism  by  fire — but  also  an 
invaluable  opportunity  for  Citibank  to  test  its  plan 
against  real-life  disasters.  From  the  disaster  plan¬ 
ning  perspective,  the  first  bomb  was  “a  nightmare 
scenario,”  says  Ford.  “Disaster  planning  is  all 
about  thinking  the  unthinkable — but  when  you 
talk  about  possible  scenarios,  a  bomb  taking  out 
your  backup  hot  site  has  to  be  fairly  unlikely.” 

Even  so,  the  impact  on  day-to-day  operations  was 
limited.  The  second  bomb,  despite  causing  less 
damage,  affected  an  operational  unit. 

The  result  for  Citibank  was  twofold:  An  affirma¬ 
tion  that  previous  plans  worked,  along  with  new  les¬ 
sons  on  how  to  improve  them.  Unlike  at  Canary 
Wharf,  damage  to  computer  equipment  was  light. 

Citibank  had  installed  blast-proof  windows  in  the 
building  as  insurance  against  precisely  that  sort  of 
eventuality.  Such  windows  contain  a  laminate  layer  in  a  glass 


Keith  Ford,  a  specialist 
in  disaster  recovery 
planning,  was  working 
for  Citibank  on  Feb.  19, 
1996,  when  the  IRA 
detonated  a  bomb 
right  outside  his  office. 
Ford  recommends  that 
American  business 


executives  make  sure 
their  plans  “dovetail 
with  those  of  the  civil 
authorities.” 


ities  to  go  over  their  plans  for  post-terrorist  attack 
access  to  business  premises. 

To  Ford,  whose  clients  have  included  American- 
based  companies  with  facilities  in  the  United  King¬ 
dom,  such  as  Capital  One  and  Prudential,  such 
dovetailing  is  essential  if  a  plan’s  goal  is — in 
Prussian  General  Helmuth  von  Molke’s  immortal  words — to  sur- 


‘sandwich,”  so  that  the  window  shatters  but  does  not  implode.  vive  contact  with  the  enemy.  “Typically,  companies’  disaster  plans 
That  was  the  good  news.  Not  quite  so  welcome  was  the  associ-  are  event-based,  or  action-based,  and  don’t  go  into  enough  detail 
ated  learning  point:  It  was  to  be  some  days  before  access  to  the  at  the  ‘who’  level,”  Ford  says.  For  example,  companies  usually 
building  could  be  regained— and  only  then  because  of  strong  links  overlook  the  fact  that  just  a  handful  of  preauthorized  people  will 

be  allowed  access  to  a  disaster  site  and  then 
only  for  a  limited  period.  “Plans  generally 
assume  that  a  thousand  people  can  go  about 
their  business  as  before — and  suddenly  you 
have  to  confront  the  fact  that  only  the  facilities 
person,  a  technology  person  and  a  disaster  recovery  person  are 
allowed  past  the  yellow  tape  [cordons],”  he  says. 


Business  continuity  embraces  much 
more  than  just  a  company’s  computers. 


between  Citibank  and  London’s  civil  authorities  (Citibank’s  head 
of  security  was  a  former  London  police  officer,  says  Ford).  One 
of  the  largest  companies  involved  in  the  attack,  Citibank  sent  rep¬ 
resentatives  to  attend  emergency  planning  meetings  organized  by 
London  boroughs  the  City  of  Westminster  and  City  of  London, 
says  Ford,  who  adds  that  many  companies  don’t  follow  Citibank’s 
practice.  “Only  when  a  bomb  goes  off  do  they  then  find  that  their 
own  disaster  recovery  plans  don’t  dovetail  with  those  of  the  civil 
authorities,”  he  says.  When  given  the  opportunity,  Ford  recom¬ 
mends  that  American  business  executives  meet  with  local  author¬ 


Getting  in  Touch 

It’s  precisely  that  kind  of  stark  realization  that  prompts  survivors 
to  recognize  that  business  continuity  embraces  much  more  than 
just  a  company’s  computers.  “Planning  is  vital,  but  you  have  to 
look  beyond  the  IT  issues  to  the  business  as  a  whole,”  says  Peter 
Lake,  European  business  development  director  for  Thomson 
Legal  and  Regulatory  (part  of  the  giant  DC  Thomson  group), 
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to  help  educate  senior  management  on  the  business  value  of  technology. 

We  heard  you.  And  we’re  pleased  to  announce  Darwin. 


Darwin  is  the  first  magazine,  written,  edited  and 
calibrated  for  business  executives.  Every  issue 
demystifies  technology  for  non-technology  executives 
and  helps  them  understand,  identify  and  support 
technology  options  to  achieve  your  organizational  goals. 

Darwin  covers  ail  the  technologies  executives  need 
to  know,  not  just  the  Internet.  From  application  software 
to  ASPs,  from  encryption  to  ERP,  hardware  to  hosting, 


VPNs  to  vendor  relations  —  everything  it  takes  to  use 
technology  to  solve  business  challenges. 

r  Darwin  is  FREE  to  qualified 

non-technology  executives.  Tell  your  team 
to  apply  for  a  Free  Subscription  at 

www.darwinmag.coni/subscribe 


Security  Planning 


who  as  the  managing  director  of  Gee 
Publishing,  another  part  of  Thomson, 
saw  his  company’s  premises  shattered  by 
the  Canary  Wharf  bomb.  Although  Gee 
Publishing  had  a  disaster  plan — and 
indeed,  had  three  copies  of  it  offsite — 
the  process  of  putting  it  into  practice 
proved  highly  educational. 

Among  the  chief  lessons:  Keep  any  dis¬ 
aster  plan  concise.  Once  the  senior  man¬ 
agement  team  started  putting  the  plan  into 
action  on  that  Friday  evening,  Lake  says, 
it  soon  became  clear  that  the  level  of  detail 
contained  within  its  several  hundred  pages 
was  simply  too  great.  Typical  of  the  sort  of 
information  that  Lake  now  feels  Gee  didn’t 
need  to  have  was  a  section  on  how  to  set  up 
an  emergency  team,  which  was  simply  too 
verbose  to  be  useful.  “In  the  event,  you  just 
get  on  and  do  it,”  he  says.  The  original  plan 
also  assumed  that  the  consultative  decision 
making  typical  of  day-to-day  operations 
would  continue  postattack.  “My  style  was 
markedly  different  from  that  used  to  run 
the  company  normally,”  says  Lake. 

“Consensus  was  not  as  important  as  get¬ 
ting  tasks  done — so  much  had  to  be  de¬ 
cided  and  quickly  communicated.” 

Some  of  the  most  useful  pieces  of  in¬ 
formation  in  the  plan  turned  out  to  be  up- 
to-date  telephone  numbers — including  weekend  contact  informa¬ 
tion — for  key  members  of  staff,  suppliers,  local  utilities  and  emer¬ 
gency  services.  With  urgent  decisions  to  be  made  about  where  to 
relocate,  those  numbers  saved  precious  hours  in  tracking  down  the 
right  individuals  and  getting  them  onsite.  As  part  of  the  Thomson 
group,  which  has  extensive  London  operations,  Gee  had  access  to 
empty  office  space  in  which  to  relocate,  but  it  contained  no  furniture 
or  computers.  Contacting  staff  quickly  was  therefore  an  urgent  pri¬ 
ority,  says  Lake. 

Yet  it  became  clear  that  there  were  gaps  in  the  plan;  critically, 
it  contained  no  listings  of  home  contact  details  for  employees  apart 
from  the  key  members  of  staff  involved  in  post-disaster  decision 
making.  “We  had  the  information  alright,”  says  Lake,  “but  it  was 
sitting  in  the  personnel  records  and  not  held  offsite.” 

What  followed  was  a  weekend  of  telephoning  staff,  plugging 
into  people’s  social  networks,  finding  employees  home  telephone 
numbers  from  individual  colleagues  and  making  contact  that  way. 
“By  the  Sunday  night,  we’d  spoken  to  108  out  of  the  113  employ¬ 
ees.”  Thanks,  he  says,  to  heroic  efforts  on  Saturday  and  Sunday 
in  setting  up  such  basic  facilities  as  a  telephone  switchboard  and 


arranging  for  calls  to  be  rerouted  to  it, 
a  skeleton  crew  of  staff  were  able  to  an¬ 
swer  the  phone  on  the  Monday  morn¬ 
ing  following  the  explosion,  though  most 
staff  stayed  at  home  on  full  pay  until  the 
furniture  and  computers  were  installed 
in  the  new  premises.  If  another  bomb  were 
to  go  off  today,  Lake  says,  the  Internet 
would  undoubtedly  remove  some  of  the 
pressure  to  contact  employees.  Even  so, 
he  reflects,  after  such  a  traumatic  occur¬ 
rence  “there  is  no  substitute  for  being  able 
to  speak  to  everyone  on  a  frequent  and 
regular  basis.” 

A  Wake-Up  Call 

Taken  together,  these  experiences  com¬ 
pose  a  fairly  representative  picture  of 
how  European  companies  in  terrorism 
hot  spots  such  as  London,  Madrid  and 
Paris  endure  the  possibility  of  disruptive 
terrorist  attacks.  While  Europeans  have 
simply  factored  the  possibility  of  such 
disruption  into  the  way  they  go  about 
their  business,  U.S.  companies  have 
tended  to  assume  that  the  problem  of  ter¬ 
rorism  was  one  that  wouldn’t  afflict 
America.  “We’ve  had  a  deep-seated  belief 
in  the  invulnerability  of  our  infrastruc¬ 
ture,”  says  Phil  Lacombe,  president  of 
information  and  infrastructure  protection  at  Arlington,  Va. -based 
software  company  Veridian,  and  a  former  staff  director  of  the 
President’s  Commission  on  Critical  Infrastructure  Protection  estab¬ 
lished  by  President  Clinton  in  1996.  “We  just  don’t  have  any  expe¬ 
rience  of  being  attacked — even  in  World  War  II.  The  last  time 
America’s  infrastructure  came  under  attack  was  the  War  of  1812.” 

Consequently,  he  believes,  American  companies  have  been 
remiss  when  it  comes  to  preparing  for  the  threat  terrorism  poses. 
During  his  time  at  the  commission,  recalls  Lacombe,  businesspeople 
would  ask  him  for  definitive  information  on  the  threat  so  that 
they  could  raise  awareness  to  the  point  of  getting  money  for  deter¬ 
rence.  Such  information  was  of  course  difficult  to  come  by. 
Ironically,  some  members  of  the  commission  used  to  observe  “that 
it  would  take  an  infrastructure  Pearl  Harbor  before  America 
would  listen,”  he  adds.  “That’s  just  happened.” 

Steve  Akridge,  chief  information  security  officer  for  Georgia’s 
Technology  Authority,  the  Atlanta-based  IT  arm  of  the  state  of 
Georgia,  shares  similar  concerns.  A  former  U.S.  Navy  chief  cryp- 
tologist  who  worked  in  Europe,  Akridge  sees  a  sharp  contrast 
between  American  preparedness  for  terrorist  attacks  and  the  far 


Seven  Tips  for 
Bomb-Proofing 
Your  Disaster  Plans 


Keep  disaster  plans  up-to-date,  short 
and  simple;  you’ll  be  too  busy  to  plow 
through  pages  of  unnecessary  detail. 


Store  contact  details  for  all  staff 
offsite.  Include  weekend  and 
vacation  contact  information- 
terrorists  aren’t  9-to-5  folks. 


In  addition  to  offsite  backup  data, 
maintain  backup  hardware  offsite 
as  well. 


Install  blast-proof  windows— 
they’re  expensive,  but  worth  it. 


Meet  with  police  and  civil  defense 
authorities  to  dovetail  your  plans 
with  theirs. 


include  in  your  plans  what  you'll  do 
if  only  three  or  four  key  executives 
are  allowed  into  your  building. 


Don  t  forget  about  physical  security; 
for  vulnerable  facilities,  consider 
more  restrictive  access  policies. 
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Has  too  much  data  put  you  in  a  ba-a-ad  mood?  Store  Smarter. 
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Active  Archive  Solutions."  The  intelligent  way  to  optimize  database  performance. 

Tight  budgets  and  an  even  tighter  database.  Feeling  squeezed?  Well,  while  everyone  else  is  buying  more 
hardware,  the  smart  ones  Store  Smarter  with  Princeton  Softech’s  Active  Archive  Solutions?  Active  archiving 
sets  aside  infrequently  used  data  to  make  room  in  your  database,  yet  keeps  it  “active”  for  easy  access.  It’s  the 
cost-effective  way  to  reduce  database  overload  and  improve  performance.  So  give  yourself  some  space. 

Store  Smarter.  Call  800.457.7060  or  visit  www.storesmarter.com. 

©  2002  Princeton  Softech  Inc.  All  rights  reserved. 
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less  sanguine  view  prevailing  overseas.  “I’ve  spent  time  in  the 
U.K.,  and  there  are  a  lot  of  things  that  folks  there  have  come  to 
accept,  maybe  without  even  thinking  about  it  anymore — like  the 
absence  of  trash  cans,”  he  says.  (Trash  cans  are  a  favored  location 
for  terrorists’  bombs.)  “I’m  concerned  that  we’re  now  in  that 
environment  in  America.” 


Recognizing  terrorism  as  a  risk  of  doing  business 
is  an  attitude  that  prevails  throughout  Europe. 


And  certainly,  the  events  of  Sept.  1 1  have  acted  as  a  kind  of  wake- 
up  call.  “It’s  not  a  fire  in  an  electrical  room  that  they’ve  got  to  prepare 
for  or  a  flood,”  says  Akridge.  “Instead,  it’s  utter  devastation.” 

European  companies  have  shown  themselves  more  willing  to  pay 
out  the  serious  money  required  to  provide  themselves  with  the  best 

form  of  protection  against 

cio.com _  such  devastation:  backup 

facilities,  ready  to  be  moved 
into  if  necessary.  In  British 
eyes,  the  United  States  is 
underprovisioned  with  those 
facilities.  “Having  your  com¬ 
puters  backed  up  and  your 


Read  about  strategies  for  staying 
in  touch  with  employees  by  click¬ 
ing  on  LEARN  MORE:  LIVING 
WITH  TERRORISM  in  the  Web 

Connections  box  at  www.cio.com. 


data  safe  is  no  use  if  there’s  nowhere  for  people  to 
operate  those  computers — what  we  call  the  bums- 
on-seats  factor,”  says  John  Kersley,  general  manger 
for  global  recovery  services  at  SchlumbergerSema 
of  Walton-on-Thames,  England. 

It  is,  he  adds,  a  peculiarly  American  blind  spot. 
“We  estimate  that  only  20  percent  of  the  businesses 
based  in  the  World  Trade  Center  had  an  adequate 
disaster  recovery  plan  in  place  at  the  time  of  the 
attack,”  he  says.  “In  the  whole  of 
Manhattan,  we  could  find  less  than 
1,000  business  continuity  positions 
provided  by  third  parties,”  he  says.  “In 
London,  we  alone  operate  6,000  posi¬ 
tions — and  we’re  just  one  supplier.” 

Such  backup  facilities  are  big  busi¬ 
ness  in  the  United  Kingdom.  Although 
New  York  City  dwarfs  London  as  a 
financial  and  commercial  center,  Lon¬ 
don  has  more  than  1  million  square 
feet  of  third-party-operated  business 
recovery  space  compared  with  New 
York  City’s  500,000  square  feet,  ac¬ 
cording  to  Kersley. 

Recognizing  terrorism  as  a  risk  of 
doing  business  is  an  attitude  that  pre¬ 
vails  throughout  Europe.  “The  inci¬ 
dence  of  ETA  [the  Basque  terrorist 
group]  terrorism  in  Spain  is  very  localized,  and  sometimes  we  aren’t 
very  comfortable  knowing  that  a  specific  node  of  our  network  is  in 
a  place  with  a  higher  degree  of  risk,”  says  Paualino  Folch,  director 
of  organization  and  IT  at  Nestle  Espana  in  Barcelona,  Spain.  “You 

can’t  avoid  such  places — business 
is  business — so  you  just  have  to 
live  with  the  risk.”  In  such  loca¬ 
tions,  Nestle  applies  the  same 
technical  security  standards  as 
elsewhere,  but  stipulates  a  higher  degree  of  physical  security  such  as 
restricted  access  and  a  careful  choice  of  server  location. 

One  thing  seems  certain.  Whatever  their  chosen  degree  of  protec¬ 
tion,  American  companies  now  join  their  European  counterparts  in 
knowing  that  the  unthinkable  can  indeed  happen.  While  the  events 
of  Sept.  1 1  were  extreme — no  attack  in  Europe  has  even  come  close 
to  matching  their  horror — never  again  will  U.S.  CIOs  be  able  to 
assume  that  it  can’t  happen  here.  It  has,  and  it  could  again.  And  that’s 
something  Europeans  have  known  for  quite  a  while.  HH 

Let  Senior  Editor  Megan  Santosus  know  what  other  nations  can  teach  the  United 
States  about  security  at  santosus@cio.com.  Malcolm  Wheatley  is  a  freelance  writer 
based  in  Devon,  England. 


“There  are  a  lot  of 
things  folks  in 
Europe  have  come 
to  accept— like  the 
absence  of  trash 
cans,”  a  favorite 
hiding  place  for 
bombs,  says  Steve 
Akridge,  chief 
information  security 
officer  for  the  state 
of  Georgia’s  Tech¬ 
nology  Authority 
and  a  former  U.S. 
Navy  cryptologist 
stationed  in  Europe. 
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IT  infrastructure! 


You  have  a  business  to  run.  And  building  and 
operating  communications  infrastructure  probably 
isn’t  your  core  competency.  So  why  devote  your 
precious  resources  trying  to  reinvent  the  data 
networks,  scalability,  security  and  performance 
WorldCom  is  known  for  across  the  globe?  After  all, 
communications  is  our  core  business. 


WorldCom  has  a  team  of  experts  whose  sole 
focus  is  providing  optimal  solutions  that  are  cost 
effective  for  your  business.  We  manage  those 
solutions  through  our  global  data  centers,  which 
plug  directly  into  the  world’s  farthest-reaching*  IP 
network.  Maybe  that’s  why  over  50%  of  the  Fortune 
1000  and  their  subsidiaries  tap  into  WorldCom  for 
complex  IP  services.  Why  not  join  them? 

In  these  economic  times,  or  really  at  any  time, 
you  can’t  afford  to  divert  your  attention  away  from 
driving  your  business.  But  you  can  afford  WorldCom, 
and  we’re  just  a  call  away:  1-800-465-1792. 


Want  to  learn  more  about  VPNs? 

Visit  worldcom.com/us/library 

generation  d_ 

*  Based  on  global  PoPs. 

©  2002  WorldCom,  Inc.  All  Rights  Reserved.  CODE:  OUTSOURCE 
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Personalization 


A  guide  to  Personalization  101 ,  brought  to  you 
by  three  companies  that  are  doing  it  right 
BY  MERIDITH  LEVINSON 


emember  all  those  big  promises  the  dotcoms  made  about  being 
able  to  market  to  their  customers  on  a  one-to-one  basis?  All  that 
fancy-schmancy  personalization  technology  they  had  behind  their 
websites  was  supposed  to  make  it  happen.  They  would  track  their 
customers’  every  click,  purchase  and  page  view  and  then  make  rec¬ 
ommendations  about  what  books,  CDs  and  clothes  their  customers 


should  buy.  As  we  all  know,  personalization 
technolog)'  didn’t  pay  off  in  time  to  save  dot¬ 
coms’  skins. 

In  fact,  personalization  has  been  the 
Web’s  biggest  unfulfilled  promise,  at  least  so 
far.  It  has  disappointed  companies  and  con¬ 
sumers  alike  for  several  reasons,  first  of  all, 
efforts  that  many  companies  tout  as  person¬ 
alization  are  really  just  exercises  in  simplis¬ 
tic  customer  segmentation.  Just  because  a 
letter  from  a  bank  about  a  home  equity  loan 
is  addressed  to  “Dear  Meridith  Levinson” 
instead  of  “Dear  Valued  Customer”  doesn’t 
mean  it’s  tailored  to  Meridith’s  needs,  espe¬ 
cially  when  she  is  single,  rents  an  apartment 
and  doesn’t  need  a  $20,000  credit  line.  That 
is  an  instance  of  a  bank  segmenting  an  indi¬ 
vidual  into  some  category  of  customer  it 
deems  worthy  of  a  home  equity  loan. 


Neither  the  bank  nor  the  consumer  wins  in 
this  situation;  the  bank  doesn’t  sell  a  home 
equity  loan,  and  the  customer  doesn’t  get 
offered  the  Roth  IRA  she  really  wants. 

The  second  reason  personalization  hasn’t 
lived  up  to  expectations  is 
because  off-the-shelf  person¬ 
alization  technologies  focus 
on  giving  customers  specific 
recommendations  based  on 
what  they’ve  bought  in  the 
past.  And  those  recommen¬ 
dations  don’t  differentiate 
between  gifts  and  personal 
purchases.  If  Dad,  who  usu¬ 
ally  buys  classic  rock  CDs  for 
himself,  purchases  a  Korn 
album  for  his  12-year-old 
son,  he  may  start  getting  rec¬ 


ommendations  for  grunge  every  time  he  logs 
in.  And  that’s  just  annoying.  By  contrast, 
when  a  customer  patronizes  a  brick-and- 
mortar  store,  he  can  get  sensible  recommen¬ 
dations  on  everything  from  house  paint  to 
upholstery  swatches  by  simply  asking  a 
clerk.  And  it  takes  a  lot  less  time. 

Despite  such  disappointing  outcomes, 
there  are  a  handful  of  companies  that  under¬ 
stand  the  essence  of  personalization  and 
are  doing  it  right.  They  realize  it’s  about 
determining  a  customer’s  unique  needs  and 
offering  products  and  services  that  satisfy 
him.  For  instance,  at  San  Francisco-based 
Reflect.com,  a  Procter  &  Gamble  spinoff, 
women  can  customize  cosmetics,  moisturiz¬ 
ers,  cleansers,  shampoos  and  conditioners 
that  best  suit  their  skin 
and  hair  care  needs.  And  if 
you’re  fed  up  with  Weight 
Watchers  and  the  Atkins’ 
diets,  essentially  one-size- 
fits-all  regimes,  eDiets.com 
offers  weight  loss  and  fitness 
plans  tailored  to  your  indi¬ 
vidual  activity  level,  dietary 
preferences,  medical  history 
and  emotional  needs. 

B2B  companies  are  also 
finding  that  their  customers 
view  personalization  as  a 


Reader  ROI 

►  Read  about  three 
companies  making 
money  from  personal¬ 
ized  service 

►  See  why  your 
business  strategy 
must  come  first  and 
the  technology  second 

►  Understand  the 
importance  of  data 
integration  in  this 
endeavor 
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Jonathan  Grayson, 
CIO  of  Reflect.com, 
has  built  technology 
that  allows  the  beauty 
products  company  to 
personalize  every 
interaction  with 
its  customers. 
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value-added  service.  For  example,  PSS  World 
Medical,  a  $1.8  billion  distributor  of  medical 
products  and  diagnostic  imaging  equipment, 
is  expanding  its  business  by  personalizing  its 
online  catalog  according  to  its  physician- 
customers’  type  of  practice  and  what  their 
colleagues  are  buying.  Although  only  6  per¬ 
cent  of  PSS’s  customers  currently  use  the  Web 
on  a  monthly  basis  to  place 
orders,  the  company  has  in¬ 
creased  its  incremental  sales 
by  $200,000  a  month  since 
the  launch  of  its  online  system. 

All  three  companies  have 
based  their  personalization 
efforts  on  one  fundamental 
principle.  They  put  strategy 
first  and  technology  second. 

They  had  to  figure  out  if  per¬ 
sonalization  was  right  for 
their  business  and  how  they 
could  make  it  work  before 
installing  a  single  piece  of 
code.  Company  executives 
also  realized  they  had  to  fully 
integrate  their  information 
systems  so  that  they  could 


pop-up  ad  that  offers  her  a  special  deal  on 
the  conditioner  that  goes  with  that  sham¬ 
poo.  And  when  a  dermatologist  shops  on 
PSS’s  personalized  website,  the  site  automat¬ 
ically  shows  him  other  products  that  are 
most  popular  among  his  own  colleagues. 

If  the  pundits  are  correct,  every  company 
will  have  to  individualize  its  products,  serv¬ 


EDiets  CTO  Steve 
Johnson’s  system 
automatically  sends 
e-mail  to  customers 
who  haven’t  logged 
in  for  a  while. 


he  appeal  of  eDiets  is  its  highly 
customized  weight  loss  plan. 


access  and  share  customer  information  in 
disparate  databases. 

Tellingly,  none  of  these  companies  rely 
exclusively  on  off-the-shelf  software.  Instead, 
they  use  entirely  homegrown  applications 
or  some  combination  of  packaged  and 
custom-built  software.  (Off-the-shelf  pack¬ 
ages  often  don’t  include  the  functionality 
that  many  companies  need  to  access  and 
integrate  legacy  customer  information.) 

Finally,  at  least  two  of  these  companies 
are  using  their  personalization  systems  to 
reach  the  Holy  Grail:  getting  customers  to 
spend  more  money  with  them  through 
cross-marketing.  If  a  Reflect.com  customer 
orders  another  bottle  of  customized  sham¬ 
poo  online,  she  is  immediately  greeted  with  a 


ices  and  interactions  with  customers  in  order 
to  stay  competitive.  Only  then  will  the 
promise  of  CRM — increased  customer  rev¬ 
enues — be  fulfilled. 

WEIGHING  IN,  ONLINE 

EDiets  is  one  of  a  handful  of  subscription- 

based  Internet  pure-plays  to  have  survived 
the  shakeout  and  achieved  a  profit.  The  dot¬ 
com  personalizes  diet  plans  to  overcome  its 
biggest  handicap — not  having  the  face-to- 
face  weigh-ins  that  programs  like  Weight 
Watchers  and  Jenny  Craig  offer.  With 
eDiets,  members  weigh  themselves  in  their 
homes  and  track  their  progress  on  the  site. 
To  compensate  for  not  having  regional 
weight  loss  centers,  eDiets  has  to  customize 


its  weight  loss  plans  to  such  an  extent  that 
they  appeal  to  people  who  have  grown  tired 
of  Weight  Watchers  and  Jenny  Craig’s 
cookie-cutter  approach. 

Every  month,  as  many  as  40,000  people 
sign  up  for  eDiets’  free  newsletter,  according 
to  Steve  Johnson,  the  company’s  CTO.  And 
each  quarter,  approximately  100,000  new 
dieters  pay  $45  for  a  three- 
month  subscription  to  the 
k  program.  The  subscription 

entitles  members  to  weekly 
!§  fitness  and  meal  plans  cust¬ 

omized  according  to  their  eat¬ 
ing  habits,  dietary  preferences, 
medical  conditions,  and  emo¬ 
tional  and  weight  loss  needs. 
The  Deerfield  Beach,  Fla.- 
based  company  has  more 
than  300,000  paying  mem¬ 
bers  and  9.8  million  opt-in 
subscribers  to  its  newsletter. 

Before  the  company  went 
online,  Johnson  worked  with 
professional,  licensed  dieti¬ 
cians  to  build  eDiets’  pro¬ 
prietary  diet  engine  from 
scratch.  The  diet  engine, 
which  runs  on  Windows  NT,  relies  on  a 
customer  database  and  a  meal  plan  data¬ 
base  connected  via  software.  The  software 
extracts  information  from  each  database 
to  produce  the  customized  diet  plan  for 
each  member. 

When  a  new  customer  registers  on  eDiets, 
she  fills  out  a  questionnaire,  indicating  her 
current  age,  weight,  height  and  gender. 
Then,  selecting  from  pull-down  menus,  she 
specifies  whether  she  has  any  dietary  pref¬ 
erences  or  restrictions — such  as  being  a  veg¬ 
etarian — and  indicates  if  she  has  any  medical 
conditions,  such  as  high  blood  pressure, 
hypertension,  diabetes  and  high  cholesterol. 
Finally,  she  indicates  whether  she’s  a  couch 
potato,  exercises  moderately  or  is  very 
active,  and  if  she  eats  when  she’s  stressed, 
depressed  or  upset.  She  submits  the  ques¬ 
tionnaire  to  eDiets,  and  it  gets  stored  in  the 
customer  database. 

Not  everyone  gets  a  customized  diet.  The 
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Higher-performing— and  more  demanding  — business  applications  and  technologies  are  on  the 
way.  So  how  do  you  make  sure  you  have  the  headroom  to  be  ready  for  anything?  Always 
choose  PCs  powered  by  the  latest  Intel®  Pentium®  4  processors— now  available  at  speeds  up  to 
2.20  GHz.  It’s  performance  with  purpose.  Visit  www.intel.com/info/pentium4  for  more  information. 
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to  stretch 


Personalization 

company  advises  dieters  to  check  with  their 
doctor  before  beginning  any  diet  or  fitness 
program,  and  they  won’t  give  you  a  diet  if 
you’re  within  a  recommended  weight  range. 
Instead,  the  serv  ice  may  tell  you  that  you’re 
within  your  target  weight  and  that  trying  to 
lose  additional  weight  is  unhealthy. 

For  eDiets’  business  to  survive,  it  has  to 
make  sure  members  return  to  the  site  on  a 
weekly  basis  and  renew  their  subscriptions 
after  three  months.  To  encourage  them  to  do 
that  and  ensure  they  feel  supported  in  their 
weight  loss  efforts,  eDiets  uses  the  same  pro¬ 
prietary  technology  the  company  has  devel¬ 
oped  for  generating  the  personalized  diets. 
For  instance,  if  the  system  finds  that  a  mem¬ 
ber  hasn’t  logged  in  for  several  weeks,  it  will 
automatically  send  that  individual  an  e-mail 
encouraging  him  to  stay  on  track,  says 
Johnson. 

The  one  drawback  to  the  plan  is  that 
many  members  find  the  online  program  iso¬ 
lating.  “With  an  online  weigh-in,  there  just 
doesn’t  seem  to  be  the  motivation  to  stay  on 
program  the  way  there  is  with  a  face-to-face 
program  like  Weight  Watchers,”  says  a  for¬ 
mer  eDiets  subscriber. 

EDiets  tries  to  combat  that  handicap  with 
chat  rooms  and  bulletin  boards  on  its  web¬ 
site,  as  well  as  a  toll  free  number  dieters  can 
call  for  help  or  a  kick  in  the  pants.  If  a  mem¬ 
ber  calls  to  say  she’s  having  trouble  staying 
on  the  diet  because  she’s  hungry  all  the  time, 
eDiets’  staff  can  access  the  member’s  infor¬ 
mation  through  a  Web-based  application 


that  is  linked  to  the  diet  engine  and  the  cus¬ 
tomer  database.  They  can  see  the  meal  plan 
the  customer  is  currently  using  and  adjust 
her  caloric  intake. 

The  personalized  approach  seems  to  be 
paying  off.  EDiets  celebrated  its  first  profit 
one  year  after  it  launched  online  in 


THREE  TIPS  FOR 

EFFECTIVE 

PERSONALIZATION 

DEVELOP  A  CLEAR  personaliza¬ 
tion  strategy  first,  then  implement 
the  technologies  that  will  support  it. 
Your  strategy  should  define  what 
services  you  can  tailor  to  your  cus¬ 
tomers  and  how  those  personalized 
services  will  bring  increased  value  to 
your  company.  Don’t  skimp  on  the 
right  technology.  If  you  can't  find  it  in 
a  shrink-wrapped  package,  develop  it 
yourself. 

BUILD  INTERFACES  between  e- 
commerce,  CRM  and  ERP  systems 
where  customer  information  is  stored 
so  that  it  can  be  accessed  and  shared. 

SETUP  an  infrastructure  to  facilitate 
personalization  across  all  channels  of 
yodr  business.  -M.L. 

November  1999  and  has  been  in  the  black 
ever  since.  The  company  earned  approxi¬ 
mately  $11.4  million  in  revenues  in  2000 
and  an  estimated  $25  million  in  2001, 
90  percent  of  which  were  generated  through 
paid  subscriptions. 

THE  BEAUTY  OF 
INTEGRATION 

Like  eDiets,  Reflect.com  also  devel¬ 
oped  proprietary  technology  to  customize  its 
products — in  this  case,  skin  and  hair  care 
products  and  cosmetics.  When  the  online 


company  (which  is  majority-owned  by 
Procter  &  Gamble  and  15  percent  owned  by 
venture  capital  firm  Institutional  Venture 
Partners)  launched  in  1999,  many  onlookers 
were  skeptical  that  the  company  could  actu¬ 
ally  do  such  a  thing,  says  Jonathan  Grayson, 
Reflect’s  CIO.  Besides  convincing  women 


that  customizing  beauty  products  is  possible, 
Reflea.com  also  has  to  carve  a  niche  for  itself 
in  the  highly  competitive  beauty  care  space. 

Now,  when  a  customer  wanders  on  to 
Reflea.com  and  indicates  an  interest  in  buy¬ 
ing  eye  cream,  she  is  prompted  to  fill  out  a 
questionnaire  that  will  help  Reflea.com  cre¬ 
ate  a  product  that  suits  her  needs.  She  indi¬ 
cates,  for  example,  whether  she  gets  dark  cir¬ 
cles  or  puffiness  under  her  eyes,  whether  she 
would  like  the  skin  under  her  eyes  to  be 
smoother,  if  she  has  laugh  lines  that  she 
wants  to  reduce,  and  if  her  eyes  are  sensitive. 

Once  she  completes  the  questionnaire,  it 
is  transmitted  to  Reflect.com’s  homegrown 
matrix  system  and  its  IBM  Websphere  trans¬ 
action  system,  which  processes  the  order. 
The  matrix  system  is  a  connected  system 
that  learns  from  example  rather  than  fol¬ 
lowing  preset  programs.  The  matrix  deter¬ 
mines  which  active  ingredients  should  or 
should  not  be  included  in  a  product  given 
the  parameters  the  customer  has  provided. 
So  if  the  customer  purchasing  the  eye  cream 
indicates  she  wants  to  minimize  dark  circles 
under  her  eyes  but  thinks  her  crow’s  feet  give 
her  character,  her  eye  cream  will  be  made 
with  vitamin  C  to  treat  the  dark  circles,  but 
vitamins  A  and  K,  which  supposedly  reduce 
wrinkles,  will  be  left  out. 

Because  Reflea  wanted  to  go  beyond  cus¬ 
tomizing  products  to  personalize  its  every 
interaction  with  every  customer,  Grayson 
had  to  overcome  the  biggest  challenge  com¬ 
panies  face  when  trying  to  do  personaliza¬ 
tion  effectively.  Fie  had  to  create  an  infra- 
struaure  in  which  disparate  data  sources — 
from  Reflect’s  e-commerce  transaction 
system  to  its  CRM,  manufacturing  and 
fulfillment  systems — could  all  be  accessed 
as  one.  And  he  did  that  in  two  ways:  by  bas¬ 
ing  all  of  the  systems  on  Oracle  databases 
and  by  making  them  feed  into  an  Epiphany 
data  mart.  For  example,  the  transaction 
server,  the  Web  server  and  the  homegrown 
system  that  formulates  each  customized 
produa  access  the  same  database.  The  data 
mart  also  pulls  information  from  those 
servers  and  systems.  So  if  a  buyer  who  once 
customized  eye  cream  replaces  it,  Reflect.com 


eflect.com  created  a  holistic  view 
of  each  customer  by  pulling  together 
data  from  disparate  databases. 
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You  won't  see  the  next  network 
security  threat  coming. 


STAT/v 


When  the  next  Code  Red,  Goner 
orNimda  comes  along,  STAT 
could  be  the  difference  between 
a  crippled  system  and  one  that’s 
completely  unaffected. 


But  STAT  will. 

Arming  yourself  against  the  next  threat  requires  more  than  vigilance.  It  requires  a 
new  level  of  defense.  At  Harris,  we  know;  for  more  than  25  years,  we've  helped 
keep  government  networks  secure — and  now  we're  helping  businesses  stay 
ahead  of  the  enemy  with  our  STAT  intrusion  prevention  tools.  For  example,  STAT 

Neutralizer™proactively  protects  servers  and  workstations  by  using  behavioral 
analysis  to  prevent  intrusions  and  malicious  activities  from  taking  place.  STAT 
Neutralizer  provides  a  new  layer  of  security  to  defend  your  network  during  its  most 
vulnerable  time  —  before  an  anti-virus  update  can  be  downloaded.  And  that's 
just  the  beginning  of  what  STAT  can  do.  To  start  winning  the  war  on  cyberattacks, 
call  1  -888-725-STAT  (7828)  today  or  visit  our  website. 
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Personalization 


David  Ramsey,  CIO  of 
PSS  World  Medical, 
says  his  company  is 
gaining  competitive 
advantage  by  showing 
personalized  websites  to 
prospective  customers. 


will  automatically  cross¬ 
market  other  eye  products  to 
her  in  a  pop-up  ad. 

Whether  a  customer  rejects 
or  accepts  the  offer,  Grayson 
says,  her  response  is  fed  back 
into  the  Epiphany  system. 

This  way,  she  won’t  be  bom¬ 
barded  with  offers  for  prod¬ 
ucts  in  which  she’s  not  inter¬ 
ested,  and  Reflect.com  can 
alter  the  segments  of  cus¬ 
tomers  to  which  certain  offers 
are  targeted  based  on  the  type 
of  women  who  have  re¬ 
sponded  to  them. 

To  date,  Reflect.com  has  created  about 
3.5  million  unique  products,  according  to 
Grayson,  who  says  that  the  cost  of  customiz¬ 
ing  is  slightly  higher  than  mass-producing 
similar  high-end  beauty  products.  Since  it  first 
launched,  Reflect  has  received  $85  million  in 
funding  from  Procter  &  Gamble  and  Red- 
point  Ventures.  Grayson  says  the  company 
is  on  target  toward  profitability,  but  he 
declined  to  release  specific  financial  numbers. 
According  to  Jupiter  Media  Metrix,  Reflect 
is  the  largest  beauty  products  site  on  the  Web. 

Companies  that  don’t  customize  their 
own  products  but  want  to  personalize  their 
marketing  and  sales  campaigns  can  use  the 
same  approach.  Access  to  information  in  dif¬ 
ferent  systems  is  key  when  it  comes  to  tai¬ 
loring  interactions  with  customers,  says 
Grayson.  With  it,  companies  get  a  more 
detailed  understanding  of  their  customers’ 
preferences,  which  “allows  you  to  tailor  mes¬ 
sages  that  don’t  look  cursory  or  thrown 
together,”  he  adds. 

A  DOCTOR  ON  BOARD 

Personalization  is  not  just  for  B2C  com¬ 
panies.  PSS  World  Medical,  an  up-and- 
coming  distributor  of  medical  supplies  and 
diagnostic  imaging  equipment,  is  finding  that 
the  power  of  personalization  works  as  well  in 
the  B2B  space. 

Today,  the  Jacksonville,  Fla. -based  com¬ 
pany  controls  15  percent  of  the  physician 
supply  business  and  competes  directly  with 


10  other  distributors,  including  divisions  of 
such  big  name  companies  as  McKesson- 
HBOC  and  Cardinal  Health.  To  differenti¬ 
ate  itself  from  its  competitors  and  crack  big¬ 
ger  accounts,  PSS  launched  two  portals, 
MyPSS.com  in  December  2000  and  My- 
DlOnline  eight  months  later.  It  customizes 
these  portals  according  to  each  customer’s 
practice  type  and  brands  the  pages  with  the 
customer’s  name  or  logo. 

Small  private  medical  practices  and  large 
health-care  organizations  alike  use  MyPSS- 
,com  to  order  more  than  56,000  products 
including  everything  from  basic  bandages 
and  syringes  to  test  tubes  and  petri  dishes. 
Radiologists  use  MyDIOnline  (the  DI 
stands  for  diagnostic  imaging)  to  select  from 
more  than  8,000  SKUs  including  mammo- 
graphic  and  X-ray  equipment,  film  and 
chemicals.  The  portals  are  built  on  BEA’s 
Web  Logic  Application  Server  and  run  on 
BEA’s  commerce  component  framework 
and  personalization  server.  Customer  infor¬ 
mation  is  stored  in  a  centralized  Oracle 
database.  The  company’s  ERP  system,  sales- 
force  automation  application  and  databases 
are  pulled  together  using  IBM’s  MQ  Series 
middleware. 

When  a  customer  first  registers  to  use  one 

cio.com _ 

For  more  on  this  topic,  visit  our 

CRM  RESEARCH  CENTER  at 

www.cio.com/crm. 


of  the  catalogs,  say  MyPSS.- 
com,  she  can  choose  to  see 
only  the  products  that  are  rel¬ 
evant  to  her  practice  type. 
Once  she  begins  placing 
orders,  PSS  maintains  a  real¬ 
time  list  of  all  the  products 
the  physician  ordered  during 
the  past  1 8  months  ranked  in 
descending  order  by  quantity. 
This  section,  called  Myltems, 
makes  it  a  lot  easier  for  a  doc¬ 
tor  to  find  the  20  items  he  has 
purchased  (out  of  a  catalog  of 
56,000).  PSS  can  also  use  the 
list  to  show  one  dermatologist  what  her  col¬ 
leagues  are  buying. 

Wayne  Meyerson,  director  of  e-business 
for  PSS,  says  the  recommendations  encour¬ 
age  people  to  shop  more.  “Because  we  make 
it  so  easy  for  people  to  buy  online,  we  see  a 
20  percent  higher  average  size  order  on 
MyPSS.com  as  opposed  to  through  the  tra¬ 
ditional  methods  of  the  phone  and  sales  rep,” 
he  says. 

As  an  added  advantage,  PSS  can  use  the 
personalization  information  it  collects  to 
determine  whether  a  customer  is  a  member 
of  a  small  private  practice  or  belongs  to  a 
much  larger  clinical  system.  If  the  latter  is 
the  case,  David  Ramsey,  CIO  of  PSS  World 
Medical,  alerts  PSS’s  corporate  accounts 
staff,  who  then  attempt  to  open  more 
accounts  across  that  entire  clinical  system. 

Ramsey  says  that  big  accounts  were 
always  tough  for  PSS  to  win  in  the  past.  But 
with  its  personalized  tools,  PSS’s  sales  force 
is  pitching  like  Pedro  Martinez.  “With  the 
technical  ability  we  have  to  personalize  a  site 
in  a  day,  we  can  walk  in  on  a  prospecting 
deal  and  show  them  a  customized  site  with 
their  logo,  their  colors  and  their  content 
needs,”  Ramsey  says.  “It’s  interesting  how 
well  that  plays  to  people’s  egos.  It  is  helping 
us  win  large  accounts  that  we’ve  never  before 
been  able  to  win.”  00 


Do  you  have  any  personalization  stories  to  share? 
E-mail  Senior  Writer  Meridith  Levinson  at 
mlevinson@cio.com. 
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VERITAS  BACKUP  AND  RECOVERY  SOFTWARE 


The  world  leader 
in  data  backup  and 
recovery  software. 

(Yes,  we  can  back  that  up.) 


VERITAS 

86%  of  the  FORTUNE  500  rely  on  VERITAS  Software.  In  fact,  we’re  the  world  leader 
in  data  backup  and  recovery  software  with  nearly  twice  the  market  share  of  the  next 
closest  competitor.  Our  consulting  services  team  is  ready  to  help  your  company  design 
and  implement  a  data  recovery  plan.  Visit  veritas.com  today. 

©2001  VERITAS  Software  Corporation.  All  Rights  Reserved,,  VERITAS,  VERITAS  Software,  the  VERITAS  logo  and  all  other  VERITAS  product  names  and  slogans  are  trademarks  or  registered  trademarks 
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The  Last  Mile— Wireless  Style 

Fixed  wireless  can  provide  an  affordable  option,  but  don’t  forget  to  factor 


in  Mother  Nature  by  ben  worthen 

GOOD  CIOs  have  gone  mad  trying  to  find  cheap 
and  effective  last-mile  connections  between  their 
corporate  LANs  and  WANs.  The  pipes  most 
companies  have  in  place  don’t  offer  the  perform¬ 
ance  companies  need  to  handle  media-rich  com¬ 
munications,  and  getting  a  new  T1  or  fiber-optic 
cable  put  in  the  ground  takes  time  and  money — 
usually  lots  of  both.  Wireless  companies  prom¬ 


ise  an  alternative:  high-speed  service  at  a  frac¬ 
tion  of  the  cost. 

The  word  wireless  usually  conjures  images  of 
cell  phones,  handheld  computers  or  other  per¬ 
sonal  communication  devices  rather  than  the 
information  moving  among  them.  The  gadget 
mind-set,  however,  is  a  recent  phenomenon  that 
disregards  the  history  and  evolution  of  the  wire- 


Fixed  wireless... Fiber  computing. ..Export  software. ..Leadership 
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FINALLY 

THE  ONE  THING 

APACHE  has  been  missing 

ALL  ALONG 


3$r  Covalent  Management  Portal  //powered  by  Apache  2.0  -  Netscape 


COVALENT  ENTERPRISE  READY  SERVER 


POWERED  BY  APACHE  2.0 


•  Centralized  browser-based  management  of  hundreds  of  servers 

•  Enterprise  grade  Web  server  security 

•  Reduced  total  cost  of  ownership 


FREE  Find  out  what's  new  in 

Apache  2.0.  Sign  up  for  our 
free  Web  seminar  at 
www.covalent.net/finally 
or  call  us  at  800/444-1935 
for  more  information  on 
Enterprise  Ready  Server. 


j  Emerging  Technology 


less  medium.  For  the  first  hundred  years 
after  Guglielmo  Marconi’s  early  radio 
experiments  in  1895,  wireless  simply 
meant  a  way  to  transmit  electrical  signals 
without  (duh)  a  wire.  Wireless  first  entered 
the  mainstream  telecommunications  space 
in  1969  when  the  FCC  approved  a  plan 
by  MCI  (Microwave  Communication  Inc.) 
to  provide  long-distance  telephone  service 
with  wireless  radio  signals.  And  despite  the 
nation’s  obsession  with  gadgets  and  giz¬ 
mos,  the  wireless-way-to-deliver-informa- 
tion  continues  to  evolve.  (For  a  look  at 
other  wireless  technologies,  see  “Wireless 
that  Works,”  Page  60.) 

To  differentiate  themselves  from  the 
mobile  device  world,  companies  using  ra¬ 
dio  waves  and  stationary  antennae  have 
adopted  the  label  “fixed  wireless.”  Because 
there  is  no  need  for  mobility,  these  com¬ 
panies  can  use  relatively  large  transmitters 
(compared  with  mobile  devices  that  need 
to  be  portable)  and  consequently  achieve 


Making  connections  after  a  tragedy 


transmission  rates  comparable  to  or  higher 
than  T1  and  DS-3.  Since  there  is  no  cable 
to  run,  fixed  wireless  can  be  a  significantly 
cheaper  way  to  span  the  fabled  last  mile. 

There  are  two  different  approaches  to 
fixed  wireless:  point-to-point,  which  allows 
for  large  broadcasts  between  two  points; 


and  point-to-multipoint,  which  essentially 
creates  a  high-speed  wireless  network.  Each 
is  used  in  different  situations  and  has  dis¬ 
tinct  benefits  and  challenges. 

Point-to-Point 

Point-to-point  is  the  basic  form  of  fixed 
wireless:  a  small  dish  antenna  transmits 
data  over  a  distance  to  another  dish.  The 


range  is  limited  by  line-of-sight.  Under 
ideal  conditions,  a  signal  can  travel 
30  miles,  but  if  anything  gets  in  the  way, 
you  don’t  get  your  signal. 

For  the  University  of  Texas  at  El  Paso 
(UTEP),  its  100Mbps  antenna  delivers 
data  only  a  fifth  of  that  distance,  but  it 


spans  two  countries.  UTEP  is  a  Gigapop 
(access  point)  for  the  Internet2  project, 
one  of  about  30  such  points  in  the  world 
that  provide  connections  to  the  high-speed 
next-generation  Internet  being  used  by  a 
handful  of  universities  to  share  media-rich 
applications.  Keeping  with  its  close  rela¬ 
tionship  with  the  University  of  Juarez  just 
over  the  U.S. -Mexico  border,  UTEP  de¬ 
cided  to  lay  a  dedicated  Internet2  line  to 
the  Mexican  school,  which  could,  in  turn, 
use  existing  landlines  to  share  Internet2- 
based  research  with  other  schools  in  Mex¬ 
ico  and  Central  America. 

The  cost  and  bureaucracy  of  laying 
high-speed  cables  in  two  different  coun¬ 
tries  made  fixed  wireless  the  only  feasi¬ 
ble  choice,  says  UTEP  CIO  Anna  Hines. 
“There  may  be  fiber  in  the  ground,  but 
not  the  type  of  bandwidth  that  is  required 
[for  Intemet2],”  she  says.  “This  is  a  totally 
different  type  of  backbone.” 

In  corporate  settings,  point-to-point  is 
more  commonly  used  to  extend  a  LAN 
from  one  building  to  another.  Banner 
Healthcare,  Caterpillar  and  Merrill  Lynch 
among  countless  others  all  use  point-to- 
point  fixed  wireless  in  this  capacity  to  one 
degree  or  another.  Fargo,  N.D. -based 
Banner  Healthcare,  for  example,  moved 
110  Greeley,  Colo.-based  employees  to  an 
offsite  building  two  miles  away.  To  con¬ 
nect  them  to  the  main  system  they  could 
have  spent  about  $34,000  annually  on  a 
45Mbps  DS-3  line  (assuming  Qwest  ap¬ 
proved  the  construction).  That  didn’t 


Fixed  Wireless  to  the  Rescue 


AT  5:22  P.M.  on  the  afternoon  of  Sept.  11,  Bill  Chen,  director  of  network  architecture  for 
Everest  Broadband,  watched  as  the  TV  showed  the  horror  of  7  World  Trade  Center’s 
collapse.  A  minute  later,  monitoring  software  at  the  Fort  Lee,  N.J. -based  Internet  service 
provider’s  Network  Operations  Center  starting  generating  a  slew  of  network  failure 
alarms.  The  T1  and  T3  lines  the  company  leased  from  Verizon  and  other  carriers  to 
connect  its  customers  to  the  public  WAN  ran  through  the  fallen  building  and  now  lay, 
severed,  beneath  tons  of  rubble.  Some  of  Everest’s  clients,  small  to  midsize  companies 
in  large,  multitenant  buildings  were  left  without  Internet  connections. 

At  first,  Chen  says,  Everest  thought  they  could  simply  wait  until  the  lines  were  re¬ 
covered— everyone  had  higher  priorities.  But  soon  “we  realized  that  if  this  takes  a  long 
time  we  are  going  to  lose  our  customers,”  he  says.  Laying  a  new  T1  line  would  require 
permits  and  street  work,  and  Verizon  had  placed  a  moratorium  on  new  orders  anyway. 
But  Everest  already  had  fixed  wireless  antennae  extending  its  LAN  between  the  two 
buildings  on  its  Fort  Lee  campus,  and  now  as  the  company  hurried  to  bring  its  clients 
back  online,  it  occurred  to  Chen  that  fixed  wireless  would  be  the  only  way  to  do  it. 

It  took  a  couple  of  weeks  to  clear  debris  from  and  restore  power  to  the  buildings 
(and  for  authorities  to  grant  access  to  the  ground  zero  area)  and  another  week  or 
so  to  conduct  the  line  of  sight  surveys  necessary  to  line  up  the  antennae.  The  end 
result  was  three  buildings,  each  within  a  mile  of  each  other,  with  100Mbps  wireless 
antennae  on  their  roofs.  The  signals  consolidate  on  the  top  of  the  third  building  and 
travel  five  miles  to  a  building  with  a  T3  line,  which  connects  back  to  the  WAN.  Chen 
now  says  that  Everest  will  continue  to  use  the  fixed  wireless  as  a  permanent  solu¬ 
tion  because  it  is  cheaper  and  “no  one  can  tell  the  difference.”  -B.W. 


“Fixed  wireless  removes  us  from 
the  mercy  of  third-party  carriers 

and  gives  us  control.”  -Banner  Healthcare  CIO  Paul  Panico 
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measure  up  well  against  a  $37,000  onetime 
charge  for  a  100Mbps  fixed  wireless  con¬ 
nection.  The  DS-3  line  would  also  have 
taken  as  long  as  18  months  to  install, 
whereas  the  wireless  system  was  up  and 
running  within  30  days.  “Going  to  fixed 
wireless  removes  us  from  the  mercy  of 
third-party  carriers  and  gives  us  control,” 
says  Banner  CIO  Paul  Panico. 

Point-to-Multipoint 

The  fixed  wireless  cases  above  illustrate 
what  Gartner  Analyst  Phil  Redman  sees  as 
the  overall  adoption  pattern:  Companies 
use  fixed  wireless  because  fiber  lines  are  not 
a  viable  option,  mostly  due  to  location. 
That  pattern  is  even  more  obvious  in  point- 
to-multipoint  wireless.  The  economic 


to-multipoint  customers  in  2001  com¬ 
pared  with  1.7  million  customers  for  DSL, 
multipoint’s  land-based  competitor.  “The 
economics  of  it  says  it  only  makes  sense 
to  put  a  tower  in  fully  saturated  areas,” 
says  Brad  Baldwin,  broadband  research 
director  at  IDC  (a  sister  company  to  C/O’ s 
publisher,  CXO  Media).  “In  the  [San 
Francisco]  Bay  area,  for  example,  there  is 
a  tower  up  serving  a  very  dense  area.  But 
it  is  too  expensive  [compared  with  DSL] 
to  get  enough  customers  in  these  areas.” 

Dallas-based  Clearwire,  a  point-to- 
multipoint  ISP  targeting  small  businesses, 
has  had  some  success  charging  anywhere 
from  $100  to  $200  a  month  for  service  in 
remote  areas  such  as  West  Texas  where 
there  are  no  DSL  lines.  But  other  than  in 


Environmental  constraints— 
line-of-sight,  connection  outages 
in  storms— are  the  biggest  knocks 
against  fixed  wireless  technology. 


slump  that  has  ravaged  the  telecom  sector 
has  hit  point-to-multipoint  service  pro¬ 
viders  particularly  hard.  And  the  technol¬ 
ogy’s  largest  backers — AT&T  Wireless  and 
Sprint  Worldcom — recently  abandoned 
their  multipoint  initiatives,  signaling  an 
overall  industry  collapse. 

There  are  two  types  of  point-to-multi¬ 
point  technologies:  LMDS  (local  multi¬ 
point  distribution  system),  a  super  high¬ 
speed  (up  to  l.SGbps),  short-range  signal 
(2  miles)  in  the  27GHz  to  30GHz  spectrum; 
and  MMDS  (multipoint  microwave  distri¬ 
bution  system),  a  slower  speed  (30Mbps), 
long-range  (20  miles)  signal  in  the  2.4GHz 
to  2.8GHz  range.  Experiments  have  also 
been  done  with  802.11  technology. 

A  point-to-multipoint  receptor  on  a 
buildings  sends  a  signal  to  a  tower,  which 
transmits  the  signal  to  the  Internet  access 
point.  But  the  equipment  and  service  is 
expensive  and  hasn’t  caught  on — IDC  esti¬ 
mates  that  there  were  1 00,000  new  point- 


out-of-the-way  places,  the  future  for  point- 
to-multipoint  in  the  United  States  is  not 
that  bright  (Baldwin  says  he  is  ready  to 
write  off  LMDS).  However,  Craig  Mathias, 
an  industry  analyst  and  founder  of  the  Ash¬ 
land  Mass. -based  Farpoint  Group,  isn’t 
quite  so  dire,  noting  that  point-to-multi- 
point  may  still  have  a  bright  future  in  devel¬ 
oping  nations  that  don’t  have  a  telecom¬ 
munications  infrastructure  already  in  place. 

Free  Space  Optics 

Free  space  optics,  a  third  technology  try¬ 
ing  to  catch  on,  is  not  fixed  wireless  in  the 
traditional  sense.  It  is  not  a  radio  signal  at 
all,  but  rather  a  laser.  While  it  sounds  like 
something  out  of  Star  Wars,  it  actually 
works  the  same  as  fixed  wireless — data 
travels  through  the  air — and  as  such  gets 
lumped  into  the  same  category  almost  by 
default.  Free  space  optics  is  a  relatively  new 
technology.  The  laser  beam  is  about  the  size 
of  a  baseball  and  can  travel  up  to  half  a 


Companies 
to  Watch 


FileMaker  Inc. 

SANTA  CLARA,  Calif.-based  data¬ 
base  vendor  FileMaker  is  in  the 
process  of  remaking  itself  as  a 
friend  for  IT  departments  looking 
for  an  easy,  low-maintenance 
departmental  product. 

In  the  past,  FileMaker  could 
pose  a  problem  when  those 
small-scale,  database  projects 
had  to  scale  up  to  corporate 
proportions.  To  address  those 
issues,  FileMaker  5.5  adds  all  the 
right  acronyms,  including  JDBC 
drivers  to  allow  connections  to 
Java  applications  and  support  for 
XML-based  data  sharing,  provid¬ 
ing  an  easier  migration  path. 

The  product  is  available  in  a 
variety  of  versions,  including 
FileMaker  Pro  5.5,  which  sup¬ 
ports  applications  running  over 
Citrix  Metaframe  and  Windows 
2000  Terminal  Services; 
FileMaker  Developer  5.5,  which 
adds  development  tools  such  as 
a  script  debugger;  and  FileMaker 
Server  5.5,  which  lets  corpora¬ 
tions  host  FileMaker  applications 
on  centrally  managed  servers 
running  Windows  2000,  NT, 

Linux  and  Mac  OS  8.6  or  later. 

“I  wouldn’t  say,  ‘Let’s  kick  out 
your  existing  workgroup  and 
department  systems,'”  says  Wayne 
T.  Kernochan,  managing  vice  pres¬ 
ident  at  Aberdeen  Group  in 
Boston.  "But  if  you’re  faced  with  a 
choice  between  this  and  another 
system,  and  cost  is  a  major  con¬ 
sideration,  it  is  a  valid  alternative.” 

-Christopher  Lindquist 
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mile,  but  because  it  operates  at  between 
750  to  1,500  nanometers  it  is  invisible  to 
the  eye  (700  is  the  highest  visible  spectrum). 
It  can  achieve  speed  up  to  1GB  per  second. 

Larry  Ice,  CIO  of  Fisher  Communica- 
rions,  a  Seattle-based  communications  and 
media  company  that  owns  and  operates 
several  television  and  radio  stations,  uses 
a  free  space  optics  service  provided  by 
Seattle-based  ISP  Terabeam.  Fisher  broke 
ground  on  its  own  building  in  1999  and 
when  they  began  moving  into  the  as-yet- 
unfinished  structure  a  year  later  Ice  real¬ 
ized  that  they  needed  to  connect  the  old 
and  the  new  offices.  Qwest,  AT&T  and 
others  wanted  around  $47,000  a  month 
for  high-speed  data  lines,  plus  fees  to  dig 
up  the  street  to  lay  the  cable.  Terabeam 
was  able  to  connect  the  buildings  at  half 
the  price,  in  half  the  time  and  offer  10 
times  the  bandwidth. 

Free  space  optics  is  not  problem-free, 
however.  One  foggy  day,  Ice  lost  his  con¬ 
nection  for  about  an  hour.  It  wasn’t  the 
end  of  the  world,  but  it  was  a  hassle 
because  the  T1  backup  line  he  insisted  on 
as  a  condition  to  signing  with  Terabeam 
wasn’t  in  place  yet.  In  fact,  Ice  says  that 
while  he  was  attracted  to  the  speed  and 
ease  of  installation  with  free  space  optics, 
he  only  decided  to  use  it  once  he  knew  he 
would  also  have  a  landline  backup. 

The  environmental  constraints — line-of- 
sight,  connection  outages  in  storms — are 
some  of  the  biggest  knocks  against  fixed 
wireless  technology.  Even  if  those  fears  are 
overplayed,  they  remain  enough  to  cloud 
the  technology’s  future.  Farpoint’s  Mathias 
says  that  the  only  reason  people  are  turn¬ 
ing  to  fixed  wireless  is  if  they  are  in  an  area 
without  or  with  prohibitively  expensive 
landlines.  If  this  doesn’t  push  it  into  a  niche 
market,  as  many  analysts  predict  it  will,  it 
might  resign  it  to  permanent  fail-back 
system.  Useful,  but  probably  not  what 
Marconi  had  in  mind.  ■ 


Staff  Writer  Ben  Worthen  transmits  data  from  a 
fixed  location— his  desk.  You  can  e-mail  him  at 
bworthen@cio.  com . 
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UNDER  DEVELOPMENT 
Optical  links 

Fiber  All  the  Way 

ELECTRICITY  IS  UNDENIABLY  useful,  but  run  it  around  the  densely  packed  circuits  that 
make  up  your  average  computer  motherboard,  and  it  can  cause  problems  such  as  heat 
and  electrical  interference.  Eliminating  those  issues  lies  at  the  core  of  Tempe,  Ariz. -based 
Primarion’s  dream,  called  Fiber  to  the  Processor. 

In  three  to  five  years,  the  broadband  silicon  chip  company  hopes  to  connect  proces¬ 
sors,  memory  and  other  components  with  high-speed,  inexpensive  optical  links  that  will 
eliminate  many  of  the  performance-robbing  pitfalls  of  today’s  technology. 

Primarion  sees  the  InfiniBand  storage  connectivity  bus  as  a  natural  step  toward  the 
final  evolution.  With  InfiniBand,  IT  managers  will  be  able  to  effectively  separate  comput¬ 
ers  from  storage  by  providing  high-speed  connections  between  modular  components. 
Expanding  the  idea  further,  however,  would  let  system  makers  increasingly  modularize 
PCs  by  connecting  memory,  processor,  storage  and  I/O  devices  into  a  computing  mesh. 
Adding  new  processors  or  more  storage  in  this  scheme  would  be  a  simple  matter  of 
attaching  another  module. 

The  first  hurdle  Primarion  has  to  overcome  is  short-distance  optical— the  connections 
among  various  components  that  will  make  up  a  computer.  Current  options  are  bulky  and 
expensive,  but  Primarion  is  developing  optical  packaging  technology  that  doesn’t  require 
special  factories— which  simultaneously  will  address  both  the  size  and  cost  issues. 

The  company  has  also  created  a  power  supply  capable  of  keeping  up  with  insanely  fast 
optical  systems.  Current  power  supplies  would  have  trouble  syncing  properly  with  the  pro¬ 
cessor,  which  could  result  in  data  being  misinterpreted.  So  Primarion  has  created  a  power 
system  that  it  claims  is  2.5  times  faster  than  those  existing  for  today’s  gigahertz  processors. 

The  end  result  could  be  machines  far  more  flexible  and  orders  of  magnitude  faster  than 
anything  that  exists  today.  “If  optical  links  are  cheap  enough,  they’ll  certainly  be  every¬ 
where,"  says  President  and  CEO  Dan  Clarke.  "And  that’s  our  goal.” 

-Christopher  Lindquist 
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We're  also  America's  Big  Wheel  in  Small  Tech. 

This  new  industry  researches  and  develops  tiny  machines 
also  known  as  Microelectromechanical  Systems  (MEMS), 
Microsystems  and  nanotechnologies. 


Other  Small  Tech  developments  in  Michigan  are  enabling 
technologies  across  the  state's  high-tech  sectors  including 
the  deployment  of  automotive  airbag  systems,  portable 
"DNA  lab-on-a-chip"  for  law  enforcement,  and  implantable 
drug  delivery  systems. 


Small  Tech  is  currently  being  developed  at  Michigan  com¬ 
panies  like  Dexter  Research,  whose  infrared  detectors 
shown  above,  have  been  commercialized  for  the  health¬ 
care  and  safety  industries. 
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While  we  are  the  proud  birthplace  and  continuous  innova¬ 
tor  of  the  automotive  industry,  Michigan  is  also  pioneering 
the  newest  technology  industries.  Small  Tech 
is  just  one  example.  For  more,  call  1.800.946.6829  or  visit 
www.michigan.org. 
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Border  Crossings 

IT  plays  a  big  role  in  managing  global  commerce 


BY  FRED  HAPGOOD 

THE  ARGUMENT  that  we  are  living,  or  at 
least  entering,  a  new  economy  rests  on 
two  legs:  the  spread  of  computers  and  the 
ongoing  systematic  organization  of  the 
world  economy.  While  the  first  point  gets 
most  of  the  press,  the  latter  may  be  almost 
as  important.  Small,  locally  defined  mar¬ 
kets  sacrifice  value  by  limiting  both 
economies  of  scale  and  the  growth  of  spe¬ 
cialization.  As  markets  grow  globally,  the 
resulting  increases  in  efficiency  should 
release  a  continuous  stream  of  value  into 
the  world  economy. 

It  seems  that  the  hottest  piece  of  the  IT 
market  would  be  where  these  “legs”  join, 
with  the  use  of  computers  to  manage  cross- 
border  transactions.  An  article  we  ran  in 
1993  (“Made  for  Export,”  Dec.  15), 
though  narrowly  focused  on  the  migration 
of  a  single  major  corporation’s  export  man¬ 
agement  system  from  paper  to  software, 
seemed  to  catch  this  spirit.  According  to 


our  piece,  this  transition  had  no  downside 
to  speak  of:  You  just  wrote  the  software, 
booted  her  up  and  counted  the  dollars. 

Given  this,  it  seems  paradoxical  to  learn 
from  those  involved  with  cross-border 
trade  that  the  field  was  one  of  the  last  cor¬ 
porate  functions  to  be  digitized.  “You 
could  see  typewriters  in  offices  into  the 
late  ’90s,”  says  Cris  Arens,  president  of 
Fountainhead  International,  a  logistics 
software  house  in  Bensenville,  Ill.  “And 
they  were  being  used  too.” 

Arens  and  other  sources  offer  many  rea¬ 
sons  why  cross-border  logistics  were  so 
slow  to  adopt  IT.  Over  the  decades,  inter¬ 
national  trade  had  built  up  a  huge  paper 
infrastructure,  involving  countless  forms 
issued  by  public  and  private  bureaucracies 
around  the  world  (packers,  inland  carri¬ 
ers,  international  carriers,  banks,  insurers, 
freight  forwarders,  warehousers,  customs 
and  more),  each  with  its  own  data  and  for- 


IT  Needs  Leadership 


CIOS  NEED  to  become  leaders, 
not  caretakers,  according  to  a 
recent  report  by  Stamford,  Conn.- 
based  Meta  Group. 

The  report,  "The  CIO  Desk 
Reference:  Critical  Competencies 
Every  CIO  Must  Master,"  states 
that  CIOs  must  look  beyond  day- 
to-day  operations  and  gain  skills  in 
areas  such  as  IT  portfolio  manage¬ 
ment  and  value  management.  The 
downturn  in  IT  spending  will  force 
CIOs  to  make  the  case  for  their  ini¬ 
tiatives  as  contributors  to  the  bot¬ 
tom  line— not  just  cost  centers. 

According  to  Meta  Group,  CIOs 
must  establish  a  disciplined 
approach  to  managing  IT  assets 
to  help  reduce  costs  and  improve 
return  on  investment.  The  “Desk 
Reference”— compiled  from  the 
firm’s  research  and  its  CIO  Boot 
Camp  program— provides  infor¬ 
mation  intended  to  help  CIOs 
implement  this  approach.  The 
report  includes  sections  on  port¬ 
folio  management,  risk  manage¬ 
ment,  marketing  IT  capabilities, 
techniques  to  increase  IT  value 
perception  and  more. 

The  550-page  report  is  avail¬ 
able  directly  from  Meta  Group. 

For  more  information,  visit 
www.  metagroup,  com . 

-Christopher  Lindquist 
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ILLUSTRATION  BY  DAVID  MOORE 


Companies  using  our 
integration  platform  have 

realized  a 


10-20% 

reduction  in  working  capital 

requirements 

and  a 

3-5  times 

return  on  investment 


The  webMethods  integration 
platform  unlocks  the  power  of 
your  IT  investments  by  delivering 
Global  Business  Visibility — 
complete  integration  of  business 
processes,  applications  and 
databases  enterprise-wide. 
Through  Global  Business  Visibility, 
webMethods  provides  the  clarity 
you  need  to  control  and  optimize 
your  business  —  not  just  to  compete 
or  merely  survive,  but  to  thrive. 
www.webMethods.com 


Ask  us  what  we  can  do 
for  your  company. 


webMethods, 

The  Business  Integration  Company 


mat  requirements.  Digitizing  enough  of 
these  forms  to  make  the  transition  useful 
would  have  been  a  huge  job,  and  some 
data  had  to  be  on  paper  anyway,  as  a  mat¬ 
ter  of  law.  For  most  companies,  cross- 
border  trade  was  essentially  a  revenue 
afterthought,  which  meant  the  resources  to 
pay  for  the  shift  were  hard  to  find. 

Finally,  there  was  no  overwhelming  rea¬ 
son  to  change.  The  high  fixed  costs  of  each 
transaction  and  relatively  slow  business 
cycles  encouraged  trade  to  move  in  small 
numbers  of  large  shipments — one  10,000- 
unit  shipment  might  arrive  in  February 
and  then  another  in  the  fall — and  type¬ 
writers  could  keep  pace  with  that  flow. 

Through  the  ’90s,  however,  govern¬ 
ments  around  the  world  launched  a  num¬ 


- 1  Emerging 

services  company  that  specializes  in  global 
trade  management,  likes  to  propose  this 
quiz:  “Did  Nafta  make  it  easier  or 
harder  to  move  goods  over  borders?”  You 
know  by  his  tone  that  the  right  answer  is 
not  the  obvious  one.  “Harder,  because 
now  you  needed  a  staff  to  prepare  the  doc¬ 
uments,”  he  says.  “People  argue  over 
whether  Nafta  created  jobs,”  says  Frank 
Cirimele  of  Xporta,  a  company  in  Santa 
Clara,  Calif.,  that  makes  software  to  man¬ 
age  cross-border  supply  chains.  “It  sure 
did  for  lawyers.” 

Other  categories  of  regulations,  such  as 
end-user  restrictions,  started  proliferating 
rapidly  at  the  same  time.  There  are  now 
14,000  entries  on  the  list  of  persons  or 
entities  for  which  American  companies 


It  would  seem  common  sense  that 
freer  trade  would  translate  into  a 
simpler  process,  but  that  is  not  how 
trade  adjustments  work. 


ber  of  initiatives  to  lower  trade  barriers.  It 
would  seem  common  sense  that  freer  trade 
would  translate  into  a  simpler  process,  but 
that  is  not  how  trade  adjustments  work. 
Trade  is  a  highly  charged  process  poli¬ 
tically;  changes  always  involve  extended 
haggling  over  the  finest  possible  details. 
The  end  result  is  usually  a  complicated  stew 
of  solicitation  and  qualification  instru¬ 
ments,  and  refund  claims  tied  to  detailed 
lists  of  specific  products  and  country- 
of-origin  content  documents,  all  linked  to 
phase-in  and  phase-out  schedules  that 
themselves  are  constantly  changing. 

Larry  Christensen,  a  vice  president  at 
Vastera,  a  Dulles,  Va. -based  software  and 

cio.com _ 

Read  Chris  Lindquist’s  TECH  TACT: 
NEW  TOOLS  FOR  NEW  JOBS, 
every  Monday  at  www.cio.com. 


need  special  permission  to  do  business, 
and  more  make  the  list  every  day.  In  short, 
typewriters  could  no  longer  keep  up. 

In  1996,  the  U.S.  Department  of  Com¬ 
merce  had  become  so  concerned  about  the 
costs  and  level  of  compliance  with  this 
flood  of  regulations  that  it  began  the  first 
general  rewrite  of  export  procedures  since 
1949.  The  emerging  system  was  designed 
from  the  ground  up  to  be  implemented  in 
software.  By  1999,  customs  had  completely 
automated  the  submission  of  export  con¬ 
trol  documents  and  the  gathering  of  export 
statistics.  A  similar  arrangement  for  import 
documents  followed  a  year  later. 

At  the  same  time,  cross-border  trans¬ 
actions  involving  U.S.  companies  doubled 
from  one  trillion  to  two  trillion.  Trade 
began  to  represent  enough  revenue  to 
assert  a  serious  claim  on  corporate  IT 
investment  budgets.  Finally,  by  the  end  of 
the  decade,  companies  had  spent  enough 
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time  and  effort  digitizing  the  required 
documents  that  the  databases  started  to 
become  useful. 

The  result  is  that  for  the  first  time  large 
components  of  U.S.  trade  can  be  tracked 
and  managed  with  software.  This  is 
potentially  quite  significant.  Digital  envi¬ 
ronments  are  much  more  flexible  than 
paper-based  IT  processes.  They  can  be 
reconfigured — adopting  innovations  and 
enhancements — in  minutes.  Today,  dozens 
of  software  vendors  around  the  world 
turn  out  software  with  features  that  seem 
bound  to  simplify  and  therefore  acceler¬ 
ate  trade.  Fountainhead’s  Arens  cites  as 
an  example  rate  analyzers  that  can  auto¬ 
matically  probe  prices  across  multiple 
shipper  databases,  kicking  out  detailed 
suggestions  for  the  most  cost-effective 
shipment  compositions  and  carriers.  Ac¬ 
cording  to  Xporta ’s  Cirimele,  last  sum¬ 
mer  the  United  Nations  agreed  on  a  com¬ 
mon  document  standard  for  commercial 
transactions.  When  implemented,  this  will 
allow  supply  chain  management  and 
resources  planning  software  to  collect, 
forward  and  integrate  data  seamlessly 
across  borders.  Greg  Stock,  a  vice  presi¬ 
dent  at  Vastera,  points  out  that  digitized 
services  are  easy  to  repackage  for  many 
different  kinds  of  clients.  For  example, 
they  can  be  distributed  over  the  Web  by 
third  parties  via  an  ASP-type  relationship. 
“A  company  can  be  a  global  player  in¬ 
stantly,”  he  says. 

While  it  is  hard  to  know  for  sure  how 
much  value  gets  thrown  away  by  the  cur¬ 
rent  balkanization  of  the  world  economy, 
the  prosperity  of  the  few  large  trading 
blocs  in  the  world  (the  United  States  and 
the  European  Community)  suggest  that 
the  amount  is  very  large.  If  the  theory  that 
prosperity  is  a  function  of  market  size 
turns  out  to  be  true,  then  the  digitization 
of  trade-related  IT  might  turn  out  to  be 
one  of  the  more  important  economic  sto¬ 
ries  of  our  time.  BO 


Are  there  topics  you’d  like  us  to  revisit?  Tell  us 
at  et@cio.com. 
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The  events  of  2001  have  proven 
that  America’s  business  and  IT 
organizations  are  both  adaptive  and 
strong  —  but  where  do  we  go  from  here? 


APRIL  14-16,  2002  ■  SHERATON  BAL  HARBOUR  BEACH  RESORT  ■  BAL  HARBOUR,  FLORIDA 


CIO 


PERSPECTIVES 


Strategies  for 
theNew  Reality 


Get  powerful  insights  and 
actionable  ideas  from  the 
people  you  trust  the  most: 
your  CIO  peers  at  leading 
companies,  plus  thought 
leaders  on  the  economy, 
the  law,  technology  and 
business. 

Jonathan  Zittrain,  noted 
speaker  and  Executive 
Director  of  the  Berkman 
Center  for  Internet  & 
Society  at  the  Harvard 
Law  School,  joins  us  as 
conference  moderator. 


We  ll  tackle: 

■  THE  ECONOMY 

How  long  and  rocky  is  the  road  ahead? 

Robert  Shiller,  Economist  and  author  of  Irrational  Exuberance 

m  IT  AND  BUSINESS  STRATEGIES 

Re-align  —  on  a  continuous  basis  —  as  the  world  keeps 
changing.  A  panel  of  global  CIOs,  led  by  Richard  W.  Swanborg, 
President  and  Founder,  1C  EX 

■  LEADERSHIP  AND  COMMUNICATIONS 

Get  the  results  you  want  —  from  senior  management,  peers, 
and  employees.  Dr.  Rick  Brinkman,  author,  Dealing  with  People 
You  Can't  Stand... 

■  IT  BUDGETS  Learn  the  tools  and  techniques  successful  IT 
executives  use  to  set,  sell  and  manage  budgets.  A  panel  of 
CIOs,  led  by  Martha  Heller,  Director,  CIO's  Best  Practice 
Exchange 

■  LEGAL  LIABILITY  Know  where  you  and  your  company  are 
vulnerable  —  and  what  you  can  do  about  it. 

Bruce  P.  Keller,  Partner,  Debevoise  &  Plimpton 


PLUS  A  special  update  on  security,  the  latest  CIO  Tech 
Poll  results  on  IT  spending,  emerging  technologies,  the 
CIO/CFO  relationship,  and  the  best  networking  opportu¬ 
nities  around! 
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Powerful  insights.  Actionable  ideas.  Great  networ 


SUNDAY,  APRIL  14 

8:00  am  -  1:30  pm 

Golf  Tournament 

3:00  pm  -  5:00  pm 

Registration 

6:00  pm  -  8:00  pm 

Welcome  Reception 

The  perfect  time  to  meet  your 
peers,  CIO  editors,  Corporate 
Hosts  and  special  guests. 

MONDAY,  APRIL  15 

7:30  am  -  8:30  am 

Breakfast  &  Registration 

8:30  am  -  8:45  am 

Welcome  &  KnowPulse  Poll 

ABBIE  LUNDBERG 
Editor  in  Chief,  CIO  Magazine 

8:45  am  -  9:30  am 
Opening  Keynote:  Is  There 
Such  a  Thing  as  Too  Much 
Security? 

JONATHAN 
ZITTRAIN, 

Conference 
Moderator 
Executive  Director, 

The  Berkman  Center  for  Internet  & 
Society,  Harvard  Law  School 
The  push  toward  a  more  secure 
Internet  has  been  revitalized  by 
recent  events.  Just  what  forms  will 
that  security  take?  Implications 
reach  far  beyond  combating  virus¬ 
es  and  denial  of  service  attacks. 
Almost  every  way  we  use  the 
Internet,  especially  for  commerce, 
stands  to  evolve,  as  "security"  and 


"trust"  become  the  touchstones  of 
Internet  development. 

9:30  am  -  10:15  am 
CIO  &  CFO:  Working  Together 
for  Better  Results 

NEIL  HASTIE 
CIO,  TruServ 
Corporation 
The  CIO  and  the  CFO 
are  the  two  executives 
whose  domains  stretch  to  every 
corner  of  a  company  —  as  IT  is 
woven  through  every  aspect  of  the 
organization,  and  bottom-line  con¬ 
cerns  exert  greater  influence  on  all 
initiatives.  Regardless  of  where 
they  sit  on  the  organization  chart, 
the  two  will  always  have  a  unique 
relationship  —  one  inevitably  col¬ 
ored  with  tension.  A  CIO  and  CFO 
look  at  the  nature  of  the  roles,  and 
discuss  how  to  strike  the  right  bal¬ 
ance  between  an  appropriate 
amount  of  tension  and  respect  — 
and  why  doing  so  will  produce  bet¬ 
ter  corporate  results. 

10:15  am  -  11:00  am 

Keeping  Up  with  Emerging 
Technologies  in  Turbulent 
Times 

CHARLES  S. 

BRENNER 

Senior  Vice  President, 

Fidelity  Center  for 
Applied  Technology 
The  hardest  part  of  a  CIO’s  job  is 
trying  to  keep  up  with  emerging 
technologies.  In  today's  turbulent 
economic  times,  companies  also 
need  to  decide  whether  or  not  to 


invest  in  new  technology  develop¬ 
ment. 

Fidelity  Investments  is  one  com¬ 
pany  that  has  continued  to  invest 
heavily  in  innovation.  The  company 
created  FCAT,  the  Fidelity  Center 
for  Applied  Technology,  which 
investigates  emerging  technologies 
and  tests  new  products  and  soft¬ 
ware  that  might  someday  become 
part  of  Fidelity’s  services. 

Brenner  explains  why  his  com¬ 
pany  believes  that  an  economic 
downturn  is  the  ideal  time  to  make 
investments  in  new  technology: 
because  by  the  time  the  markets 
rebound,  it  may  be  too  late  to 
develop  the  new  technologies  and 
services  your  customers  demand 
before  your  competitors  do.  He 
also  talks  about  some  of  the  actual 
technology  directions  Fidelity  is 
currently  pursuing. 

11:00  am  -  11:30  am 

Break 

11:30  am  -  12:15  pm 

Business  Briefings 

Our  Corporate  Hosts  present  case 
studies,  technology  updates,  and 
management  practices. 

12:15  pm  -  1:45  pm 

Working  Lunch: 

The  Economy  — 

A  Special  Report 

ROBERT  J.  SHILLER 
Professor  of 
Economics, 

Yale  University 


In  his  best-selling  book,  Irrational 
Exuberance,  Shiller  documented 
the  combination  of  factors  that 
drove  stock  markets  to  dizzying 
heights,  and  forecasted  the  dan¬ 
gers  associated  with  that  phenom¬ 
enon.  The  dot.com  bubble  burst, 
the  economy  quickly  slowed— and 
the  events  of  September  11th  con¬ 
tinue  to  take  a  heavy  toll  psycho¬ 
logically  and  economically.  Where 
do  we  go  from  here? 

2:00  pm  -  2:45  pm 

Business  Briefings 

2:45  pm  -  3:30  pm 

Business  Briefings 

3:45  pm  -  4:45  pm 

CIO  Panel:  Rethinking  IT  and 
Business  Strategies 

Moderator:  RICHARD 
W.  SWANBORG,  JR. 

President  and  Founder, 

ICEX 

Panelists: 

JOHN  GLASER 
Vice  President 
and  CIO, 

Partners  Healthcare 
System,  Inc. 

JOHN  GLOTZBACH 
Executive  Vice 
President  and  CIO, 

SBC  Communi¬ 
cations  Inc. 

How  do  you  keep  your 
IT  strategy  relevant  and 
visible  while  your  business  under¬ 
goes  significant  change?  How  do  you 
improve  the  speed  for  setting  an  IT 


To  enroll  or  for  more  information,  call  800  366-0246,  fax  the  form 
to  508  879-7720,  or  visit  our  website  at  www.cio.com/conferences 


“Sharing  knowledge  is 

“Great  opportunity  to  spark 

“In  two  days  1  learned  of 

critical  to  survival.  CIO 

new  ideas  beneficial  to 

several  useful  innovations; 

Perspectives  gives  us  the 

our  IT  organization  and 

we’ll  implement  the  first 

opportunity  to  share  with 

business.” 

one  tomorrow.” 

and  learn  from  the  best.” 

-A.O.  SMITH  CORPORATION 

-AUTOBYTEL,  INC. 

-WATSON  WYATT  WORLDWIDE 

ng.  It  all  adds  up  to  the  best  ROI  for  you. 


strategy  and  getting  buy-in  from  all 
your  stakeholders?  Is  there  a  better 
way  to  fund  and  quickly  deploy  a  new 
strategic  initiative  while  minimizing 
the  risk  of  failure?  Top  CIOs  share 
their  views  and  experiences. 


4:45  pm  -  5:45  pm 

Legal  Liability:  When  You  and 
Your  Company  Can  Be  Sued 

BRUCE  P.  KELLER 


Partner,  Debevoise  & 

Plimpton 

To  what  extent  are  you 
and  your  company 
exposed  based  on  how 
employees  or  third 
parties  interact  with  your  IT  sys¬ 
tems?  Do  you  know  what  your  sys¬ 
tems  are  really  hosting?  A  number 
of  corporations  recently  discovered 
that  their  systems  functioned  as 
“super  nodes”  for  the  FastTrack 
file-swapping  network.  Keller 
examines  how  current  concepts  of 
organizational  liability,  privacy  and 
intellectual  property  use  in  the 
marketplace  affect  corporations. 


6:00  pm  -  7:00  pm 

Reception 

The  best  place  to  get  connected, 
exchange  more  good  ideas  and 
get  practical  advice. 

TUESDAY,  APRIL  16 

7:30  am  -  8:30  am 

Breakfast  &  Informal 
Discussion  Roundtables 

Chat  with  CIO  Magazine  editors 
and  your  peers  over  coffee. 


8:30  am  -  8:45  am 

Corporate  IT  Spending 
Trends  —  Where  Are  They 
Headed? 

GARY  BEACH 
Group  Publisher,  CXO 
Media  Inc. 

CIO  Magazine,  in  part¬ 
nership  with  Ed  Yard- 
eni,  chief  investment 
strategist  of  Deutsche  Banc 
Alex. Brown,  surveys  a  panel  of 
senior  executives  on  current  and 
future  IT  spending,  as  well  as 
other  issues.  Beach  presents  an 
overview  of  the  latest  results  and 
emerging  trends  from  the  CIO 
Tech  Poll. 


8:45  am  -  9:45  am 

New  Tools,  New  Approaches 
to  E-Crime:  A  US  Secret 
Service  Briefing 

BOB  WEAVER 
Assistant  Special 
Agent  in  Charge,  US 
Secret  Service,  NY 
Electronic  Crimes  Task 
Force 

The  Task  Force's  approach  is 
unique  in  law  enforcement 
because  of  its  focus  on  prevention, 
education  and  partnership  with 
private  industry,  as  much  as  its 
responsibilities  for  investigation 
and  support  of  prosecution. 

Weaver,  and  Peter  Cavicchia  — 
one  of  the  members  of  his  New 
York  team  who  is  specially  trained 
by  the  USSS  to  handle  electronic 
crimes  —  provide  specific  prac¬ 
tices  and  techniques  used  by  the 
NY  Electronic  Crimes  Task  Force  to 
combat  electronic  crimes, 


including  forensics  techniques, 
technology  tools,  and  approaches 
the  Task  Force  takes  that  are 
mutually  productive  for  business 
as  well  as  law  enforcement. 

This  session  is  produced  in  coop¬ 
eration  with  the  National  Critical 
Infrastructure  Assurance  Office 
(CIAO)  in  the  US  Department  of 
Commerce. 

9:45  am  -  10:45  am 

Best  Practice  Exchange: 
Setting,  Selling  and 
Managing  the  IT  Budget 

Moderator:  MARTHA 
HELLER 

Director,  Best  Practice 
Exchange,  CIO 
Magazine 

CIOs  who  want  to  see 
their  projects  completed  and  their 
staff  intact  understand  the  impor¬ 
tance  of  smart  budget  practices. 
This  panel  of  CIOs,  drawn  from  the 
CIO  Best  Practice  Exchange,  a  pri¬ 
vate  online  network  of  senior  IT 
executives,  discusses  the  tools  and 
techniques  each  uses  to  set,  sell, 
and  manage  their  IT  budgets. 

10:45  am  -  11:15  am 

Break 

11:15  am  -  12:00  pm 

Business  Briefings 

12:00  pm  -  12:45  pm 

Business  Briefings 

1:00  pm  -  2:30  pm 

Networking  Lunch 


2:45  pm  -  3:45  pm 

Leadership  and 
Communications 

DR.  RICK  BRINKMAN 
Author,  Dealing  With 
People  You  Can't 
Stand... 

As  CIOs  gain  more 
prominence  within  their  organ¬ 
izations,  they  have  more  opportu¬ 
nities  to  interact  with  other  senior 
executives,  corporate  officers  and 
directors.  Dr.  Rick  helps  us  under¬ 
stand  the  cause/effect  of  commu¬ 
nications  and  get  the  results  we 
want. 

3:45  pm  -  4:45  pm 

Closing  Keynote 

4:45  pm  -  5:15  pm 

Summary/Conclusion 

JONATHAN  ZITTRAIN 
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Voice  in  the 
Wilderness 

Voice  over  IP  sounds  like  a  good  idea  until 
you  ask— and  answer— the  hard  questions 

BY  CHUCK  PAPAGEORGIOU 

I  WAS  TRYING  to  figure  out  why  I  was  getting  annoyed  at  my  CIO  friend 
Mark  while  he  was  making  a  valiant  effort  to  convince  me 
that  voice  over  IP  (VoIP)  was  the  way  to  go  to  the  desktop. 
I  could  understand  the  technical  merits  of  VoIP,  but  I  was  still 
not  convinced.  And  then  it  dawned  on  me:  The  conversation 
reminded  me  of  the  embarrassing  questions  a  general  manager 
asked  when  considering  uninterruptible  power  supply  (UPS). 

A  few  years  ago  I  was  present  at  a  meeting  where  a  sales 
team  was  trying  to  persuade  a  crusty  general  manager  at  a  man¬ 
ufacturing  plant  to  upgrade  his  backup  power.  The  upgrade 
would  support  six  hours  of  uninterrupted  computer  opera¬ 
tions — an  improvement  over  the  two  hours  the  plant  currently 
had.  The  sales  team  went  on  extolling  the  technical  virtues  of 
their  new  UPS  system  and  the  cost  benefits  the  plant  would 
get  from  it,  when  the  GM,  after  listening  politely  for  about 
15  minutes,  started  asking  the  following  embarrassing  questions. 

GM:  Tell  me  Jim  [plant  IT  manager],  how  long  does  it  take 
to  properly  wind  down  our  data  center  after  a  power  failure? 

Jim:  Oh,  about  15  minutes;  45  if  we  want  to  run  a  backup 
before  shutdown. 


GM:  Thanks.  Do  you  guys  [the  sales  team]  know  what  hap¬ 
pens  to  the  plant  when  power  is  down  for  more  than  two  hours? 

Sales  Team:  Uhmmmm.... 

GM:  If  we  have  a  power  failure  for  more  than  two  hours,  we 
shut  the  plant  down  and  send  99  percent  of  the  people  home. 
That’s  because  it  takes  more  than  three  hours  to  restart  the  pro¬ 
duction  line  after  power  comes  back  on,  and  that  requires  about 
five  people  and  no  computers  other  than  the  ones  in  the  data 
center.  Why  do  I  need  to  spend  almost  a  month’s  profit  to  keep 
my  computers  up  and  running  while  the  plant  is  closed? 

The  sales  team’s  answer?  Silence. 

Needless  to  say  the  sales  team  did  not  close  the  sale. 

VoIP  is  one  of  those  great  technologies  that  people  want  to 
apply  everywhere  just  because  they  can.  And  this  brings  me 
back  to  Mark.  He  was  absolutely  convinced  that  if  he  did  not 
deploy  VoIP  to  the  desktop,  his  company  would  be  at  a 
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competitive  disadvantage.  We  decided  to  spend  some  time  ask¬ 
ing  and  answering  embarrassing  questions  before  Mark  went  to 
the  operating  executives  with  his  request. 

Question:  What  is  the  impact  of  moving  voice  traffic  on  the 
internal  network? 

Answer:  Since  voice  traffic  has  different  characteristics  than 
data  traffic  and  the  human  ear  has  low  tolerance  for  people 
sounding  like  Donald  Duck,  we  agreed  that  quality  of  service 


The  cost  of  powering  2,500  VoIP  phones  for  a 
year?  Around  $65,000.  The  cost  of  powering 
telephone  sets?  Nothing. 


(QoS)  and  priority  for  voice  traffic  is  important.  But  when  we 
attempted  to  understand  QoS  features  touted  by  the  VoIP  ven¬ 
dors,  we  ended  up  with  very  few  assurances  that  they  would 
work  in  an  internal  network  environment.  Bottom  line:  We 
don’t  know. 

Question:  How  would  changes  made  to  VoIP  affect  daily 
telecom  operations? 

Answer:  Mark’s  company  experiences  a  move,  add  and 
change  (MAC)  rate  of  35  percent  in  its  existing  PBX  phone  sys¬ 
tem.  (Each  year,  something  is  changed  in  35  percent  of  the 
phones.)  Half  of  the  MAC  activity  is  physically  relocating  sta¬ 
tion  equipment  or  new  construction.  The  rest  is  software- 
related,  such  as  changing  routing  features,  display  names,  call 
coverage,  phone  numbers  and  so  on.  The  people  managing 
the  PBX  have  this  down  to  a  science.  A  user  simply  calls  or 
sends  e-mail  to  the  help  desk  with  her  request.  Right  now,  the 
service-level  agreement  calls  for  software  changes  within  four 
hours  and  physical  changes  within  24  hours.  Unfortunately, 
there  are  no  procedures  for  handling  MAC  activity  in  a  VoIP 
environment.  Bottom  line:  We  don’t  know. 

Question:  Once  VoIP  is  implemented,  what  new  devices  will 
the  users  have  on  their  desks? 

Answer:  The  notion  that  a  router  and  some  data  ports  will 
provide  the  entire  infrastructure  required  for  VoIP  to  the  desk¬ 
top  is  simplistic  at  best.  Until  there  is  a  universal  workstation 
that  can  provide  both  voice  and  data  capabilities  and  something 
that  combines  a  PC  and  a  telephone,  we  will  need  dual  infra¬ 
structures.  Users  will  continue  to  have  both  a  computer  work¬ 
station  and  a  telephone  workstation  on  their  desks,  whether 
regular  or  VoIP.  Since  we  are  not  sure  what  the  network  impact 
will  be,  we  will  probably  have  two  separate  networks  to  sup¬ 
port  VoIP.  In  effect,  we  would  have  to  replace  the  PBX  infra¬ 
structure  that  is  simple,  in  place  and  paid  for,  with  VoIP  cabling 
and  hardware.  Bottom  line:  We’ll  need  two  of  everything. 


Question:  What’s  the  total  cost  of  ownership  (TCO)  for  VoIP? 

Answer:  That  is  the  CFO’s  favorite  question.  We  found  plenty 
of  cost  analysis  models  for  the  backbone  network  but  very  lit¬ 
tle  information  for  the  desktop.  Even  something  as  simple  as 
electricity  to  power  the  phones  was  not  included  in  any  of  the 
models  we  looked  at.  Using  the  conservative  estimates  of  Paul 
Rodecki,  a  telephony  industry  consultant  in  Palm  City,  Fla., 
the  cost  of  powering  2,500  VoIP  phones  for  a  year  will  be 
around  $65,000.  Today’s  cost  of  powering  tele¬ 
phone  sets,  with  the  exception  of  powering  the 
PBX  itself,  is  nothing.  Another  TCO  issue  that 
confuses  many  executives  is  long  distance. 
Mark’s  cost  for  long-distance  transport  is  less 
than  8  cents  per  minute  and  dropping.  Since 
his  company  does  not  have  a  large  private  net¬ 
work  connecting  its  locations,  calls  have  to  be 
routed  through  a  carrier’s  network.  So  implementing  VoIP  will 
not  save  him  any  money.  Bottom  line:  We  don’t  know,  but  the 
TCO  for  VoIP  looks  higher  than  that  of  today’s  phones. 

Question:  Are  there  any  existing  features  in  the  current  telephony 
environment  that  will  be  lost  by  going  to  a  VoIP  configuration? 

Answer:  Call-detail  recording  is  the  first  thing  that  comes  to 
mind.  Mark’s  company  has  a  strong  cost  accounting  method¬ 
ology  for  controlling  telephony  cost.  How  will  call  records  be 
kept  in  a  strictly  VoIP  environment? 

Another  major  concern  is  the  company’s  call  center.  Many 
industry  analysts  talk  about  the  flexibility  of  using  VoIP  tele¬ 
phones  in  a  call  center  environment,  and  I  agree  from  a  tech¬ 
nical  perspective.  However,  we  could  not  find  any  applications 
to  support  call  center  integration  to  the  CRM  initiatives  Mark’s 
company  recently  initiated.  Bottom  line:  We  will  lose  some  fea¬ 
tures  that  we  currently  use. 

Question:  Are  there  any  existing  corporate  obligations  that 
would  make  adoption  of  VoIP  difficult? 

Answer:  Industry  consultant  Tom  Brophy  from  NetPlus  in 
Parsippany,  N.J.,  points  out  that  most  corporations  have  long¬ 
term  agreements  with  their  long-distance  carriers.  That’s  the 
case  with  Mark’s  company.  Bottom  line:  There  are  some  con¬ 
tractual  issues  that  we  don’t  know  how  to  resolve. 

Clearly,  there  is  too  much  we  don’t  know  about  VoIP.  Given 
all  the  unanswered  questions,  why  deploy  a  new  technology  to 
replace  an  existing  one  as  reliable  and  critical  as  the  telephone? 
VoIP  to  the  desktop  just  isn’t  ready  for  prime  time.  H0 


What  do  you  think  about  VoIP?  Let  Opinion  Editor 
Megan  Santosus  know  at  santosus@cio.com.  Chuck 
Papageorgiou  is  president  and  CEO  of  Discrete  Wireless, 
a  wireless  ASP  based  in  Atlanta,  and  is  the  managing 
partner  of  Ideasphere,  a  high-tech  consulting  company 
based  in  Roswell,  Ga. 
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The  Home  Depot 
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An  Imperfect  Cvbercrime  Treaty 
IT  Politics 


An  Imperfect 
Cybercrime 

Treaty 

BY  BILL  WALL 

THE  AMBIGUOUS  NATURE  of  the  Internet  has  historically  proved  frus¬ 
trating  for  companies  when  it  comes  to  hackers.  Since  there  are 
no  international  regulations  governing  cybercrime,  hackers 
have  gotten  away  with  billions  of  dollars  in  damage.  Now  with 
a  new  treaty  in  Europe,  governments  are  finally  cooperating 
to  regulate  cyberspace.  Still,  companies  looking  for  straight¬ 
forward  regulations  may  have  to  wait  a  bit  longer.  Despite 
the  international  cooperation,  the  treaty  still  raises  concerns. 

The  characteristics  that  make  the  Internet  so  productive 
for  conducting  business  also  make  it  susceptible  to  criminal 
activity.  As  transactions  across  borders  have  become  easier,  so 
have  crimes.  For  example,  a  hacker  in  the  Philippines  can 
access  an  intranet  in  France  to  find  competitive  information 
about  a  business  in  Brazil.  Such  competitive  proprietary  infor¬ 
mation  can  be  used  for  illicit  purposes  including  insider  stock 
trading.  The  hacker  might  also  post  the  confidential  informa¬ 
tion  on  the  Internet,  forcing  the  Brazilian  company  to  modify 
an  expensive  product-marketing  campaign.  Since  there  are  no 
international  cybercrime  treaties  currently  in  place,  this  hacker 
cannot  be  prosecuted  by  the  victimized  company. 
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Fast  May,  the  Council  of  Europe,  working  with  Canada, 
Japan,  South  Africa  and  the  United  States,  approved  the  27th 
draft  of  the  Convention  on  Cybercrime,  the  first  international 
treat}'  on  crime  in  cyberspace.  In  progress  since  1997,  the 
treaty  will  now  be  sent  to  the  Council’s  Committee  of  Ministers 
for  ratification,  and  then  it  must  be  accepted  by  each  country' 
individually,  a  process  that  will  likely  take  one  to  two  years. 

When  the  treaty  is  enacted,  participating  countries  will  be  < 
required  to  create  laws  that  coincide  with  the  regulations  in  § 
the  treaty  regarding  issues  such  as  network  attacks,  digital  > 
copyrights,  child  pornography,  computer-related  fraud  and  " 
viruses.  The  treatv  will  also  allow  one  country'  to  obtain  infor-  ^ 

O 

marion  such  as  e-mail  logs  and  hard  drive  contents  from  a  5 
hacker  in  another  country,  possibly  leading  to  the  arrest  and  7 
extradition  of  the  hacker.  Police  and  security  officials  have  been  e 
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struggling  to  fight  cybercrime,  and  this  treaty  is  designed  to 
help  them  by  enabling  global  cooperation. 

However,  by  allowing  police  access  to  a  hacker’s  computer 
records,  the  Council  of  Europe  has  set  off  alarms  about  pri¬ 
vacy,  free  speech  and  e-commerce.  Internet  service  providers 
worry  about  costs  incurred  by  having  to  essentially  start  keep¬ 
ing  electronic  paper  trails  on  anyone  who  might  be  under  sus¬ 
picion.  Civil  liberties  groups  think  the  treaty  would  sacrifice 
privacy  by  allowing  investigators  to  track  computer  informa¬ 
tion  about  citizens.  Another  concern  revolves  around  the 
extent  of  cooperation  between  countries,  as  some  nations  have 
laws  prohibiting  certain  actions  that  are  legal  in  others.  For 
example,  if  hate  language  is  illegal  in 
France,  should  the  French  police  be 
able  to  request  information  about  and 
prosecute  the  owners  of  a  Nazi  website 
based  in  the  United  States? 

Other  critics  contend  that  law  en¬ 
forcement  officials  could  interpret  the 


wording  of  the  treaty  in  a  manner  that  would  criminalize  some 
standard  techniques  that  vendors  use  to  test  the  security  of  a  com¬ 
puter.  For  example,  exploit  code,  a  tool  used  by  security  experts 
to  test  the  integrity  of  systems,  could  come  into  question. 
Authors  of  the  accord  counter  that  their  insertion  of  the  term 
criminal  intent  will  prevent  that  problem  from  occurring. 

If  nothing  else,  the  treaty  has  been  effective  in  bringing 
forth  issues  about  international  crime  fighting.  And  with 
the  growth  of  globalization  and  the  Internet,  there  is  a  new 
set  of  controversial  issues  looming  just  off  the  horizon. 
While  this  treaty  has  its  critics,  it’s  an  improvement  over 
what  has  come  before  it.  At  the  moment,  the  treaty  offers 

businesses  the  best  hope  for  legal 
recourse  should  they  become  the  vic¬ 
tim  of  cybercrime.  ■ 


Bill  Wall  is  the  chief  security  engineer  for  the 
Harris  Corp.,  a  communications  equipment 
company  based  in  Melbourne,  Fla. 
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IT  Politics 

BY  JIM  PREBIL  AND  TOM  COLBERT 

WITH  I.T.  REACHING  every  part  of  a  company,  IT  implementations  need 
collaborative  work  teams.  These  teams  must  consider  the 
political  nature  of  an  organization  and  the  influence  employ¬ 
ees,  business  partners,  shareholders  and  even  customers  wield 
on  the  outcome  of  IT  projects.  Without  a  collaborative  per¬ 
spective,  IT  may  find  disgruntled  employees  standing  in  the 
way  of  a  project’s  success.  As  a  result,  CIOs  will  spend  their 
valuable  time  dealing  with  the  politics  of  execution.  With  some 
advanced  planning,  these  politics — and  the  time  spent  to  deal 
with  them — can  be  minimized. 

When  establishing  a  collaborative  work  team,  the  involve¬ 
ment  of  every  stakeholder  is  an  absolute  necessity.  A  collabo¬ 
rative  work  team  can  develop  strategies  that  underscore  the 
multifaceted  and  complex  nature  of  stakeholder  needs  by  ana¬ 
lyzing  an  organization’s  fitness  landscape,  a  process  that  looks 
at  an  organization’s  ability  to  adapt  to  change. 

To  evaluate  an  organization’s  fitness  landscape,  team  mem¬ 
bers  need  to  look  at  the  relationships  and  the  value  that  each 
stakeholder  brings  to  a  project.  Stakeholders  typically  include 
employees,  project  partners,  customers,  shareholders,  ven¬ 
dors,  partner  companies  and  executives. 
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The  first  phase  in  evaluating  the  fitness  landscape  involves 
reviewing  the  business  plan,  assessing  company  culture, 
identifying  the  work  groups  affected  by  a  technology  imple¬ 
mentation  and  interviewing  representatives  of  a  project’s  iden¬ 
tified  stakeholder  groups.  The  second  phase  is  a  workshop 
assessment  with  stakeholders  to  explore  their  needs  and  roles.  If 
the  workshop  is  conducted  with  honesty,  constructive  work¬ 
ing  relationships  among  stakeholders  will  emerge. 

While  some  CIOs  may  not  be  comfortable  with  the  reflec¬ 
tive  nature  of  this  exercise,  it’s  much  easier  to  develop  a  com¬ 
prehensive  implementation  strategy  that  delivers  value  for  each 
stakeholder  group  after  evaluating  an  organization’s  fitness 
landscape.  As  the  implementation  begins,  the  work  team  can 
use  the  information  gained  in  the  planning  process  to  defuse 
political  situations  and  map  a  smoother  path  to  completion. 

Evaluating  the  fitness  landscape  will  bring  the  right 
people  together  to  com¬ 
plete  the  job  and  ensure 
its  acceptance  among 
employees.  It  doesn’t 
cost  a  lot  of  money  or  time  to  consider  the  people  factor  in 
an  implementation  process,  and  the  payoffs  can  be  enormous: 
reduced  turnover,  increased  productivity,  improved  morale, 
optimized  technology  and  a  culture  that  is  able  to  manage 
change  positively.  BE] 


Send  your  opinions  to  Megan 
Santosus  at  santosus@cio.com. 


Jim  Prebil  is  managing  director  of  e-business,  and  Tom  Colbert  is  a  con¬ 
sultant  at  Born,  an  e-business  consultancy  based  in  Minnetonka,  Minn. 
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Complete  protection  for  your  entire  enterprise. 

When  it  comes  to  protecting  your  business,  you  need  security  that  can  protect  your 
enterprise  from  potential  threats,  no  matter  where  they  may  come  from.  That's  exactly 
what  eTrust  does.  Our  family  of  products  allows  you  to  not  only  safeguard  your  entire 
enterprise,  but  also  view  and  manage  that  security  either  centrally  or  from  multiple 
delegated  locations.  So  you  can  continue  to  grow  and  maximize  new  opportunities 
while  minimizing  your  risk.  And  that's  security  you  can  feel  secure  about. 


Computer  Associates™ 


HELLO  TOMORROW 


WE  ARE  COMPUTER  ASSOCIATES 


THE  SOFTWARE  THAT  MANAGES  eBUSINESS 


TM 


ca.com/etrust 
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